From 79de598269bf830660f875ba3ba8d0bbd523f12d Mon Sep 17 00:00:00 2001
From: Matt Schwager
Date: Thu, 11 Sep 2025 14:17:21 -0400
Subject: [PATCH 1/3] Bump pack versions, and fix NamedType
---
 cpp/lib/codeql-pack.lock.yml | 24 ++++++++++++++--
 cpp/src/codeql-pack.lock.yml | 24 +++++++++-------
 cpp/test/codeql-pack.lock.yml | 24 +++++++++-------
 go/src/codeql-pack.lock.yml | 18 ++++++------
 .../MissingMinVersionTLS.ql | 6 ++--
 go/test/codeql-pack.lock.yml | 18 ++++++------
 java/src/codeql-pack.lock.yml | 28 +++++++++++--------
 java/test/codeql-pack.lock.yml | 28 +++++++++++--------
 8 files changed, 104 insertions(+), 66 deletions(-)
diff --git a/cpp/lib/codeql-pack.lock.yml b/cpp/lib/codeql-pack.lock.yml
index e7600d8..95d5312 100644
--- a/cpp/lib/codeql-pack.lock.yml
+++ b/cpp/lib/codeql-pack.lock.yml
@@ -1,10 +1,28 @@
 ---
 lockVersion: 1.0.0
 dependencies:
+ codeql/controlflow:
+ version: 2.0.14
 codeql/cpp-all:
- version: 0.6.1
+ version: 5.5.0
+ codeql/dataflow:
+ version: 2.0.14
+ codeql/mad:
+ version: 1.0.30
+ codeql/quantum:
+ version: 0.0.8
+ codeql/rangeanalysis:
+ version: 1.0.30
 codeql/ssa:
- version: 0.0.14
+ version: 2.0.6
 codeql/tutorial:
- version: 0.0.7
+ version: 1.0.30
+ codeql/typeflow:
+ version: 1.0.30
+ codeql/typetracking:
+ version: 2.0.14
+ codeql/util:
+ version: 2.0.17
+ codeql/xml:
+ version: 1.0.30
 compiled: false
diff --git a/cpp/src/codeql-pack.lock.yml b/cpp/src/codeql-pack.lock.yml
index 55116c2..95d5312 100644
--- a/cpp/src/codeql-pack.lock.yml
+++ b/cpp/src/codeql-pack.lock.yml
@@ -1,24 +1,28 @@
 ---
 lockVersion: 1.0.0
 dependencies:
+ codeql/controlflow:
+ version: 2.0.14
 codeql/cpp-all:
- version: 3.0.0
+ version: 5.5.0
 codeql/dataflow:
- version: 1.1.7
+ version: 2.0.14
 codeql/mad:
- version: 1.0.13
+ version: 1.0.30
+ codeql/quantum:
+ version: 0.0.8
 codeql/rangeanalysis:
- version: 1.0.13
+ version: 1.0.30
 codeql/ssa:
- version: 1.0.13
+ version: 2.0.6
 codeql/tutorial:
- version: 1.0.13
+ version: 1.0.30
 codeql/typeflow:
- version: 1.0.13
+ version: 1.0.30
 codeql/typetracking:
- version: 1.0.13
+ version: 2.0.14
 codeql/util:
- version: 2.0.0
+ version: 2.0.17
 codeql/xml:
- version: 1.0.13
+ version: 1.0.30
 compiled: false
diff --git a/cpp/test/codeql-pack.lock.yml b/cpp/test/codeql-pack.lock.yml
index 55116c2..95d5312 100644
--- a/cpp/test/codeql-pack.lock.yml
+++ b/cpp/test/codeql-pack.lock.yml
@@ -1,24 +1,28 @@
 ---
 lockVersion: 1.0.0
 dependencies:
+ codeql/controlflow:
+ version: 2.0.14
 codeql/cpp-all:
- version: 3.0.0
+ version: 5.5.0
 codeql/dataflow:
- version: 1.1.7
+ version: 2.0.14
 codeql/mad:
- version: 1.0.13
+ version: 1.0.30
+ codeql/quantum:
+ version: 0.0.8
 codeql/rangeanalysis:
- version: 1.0.13
+ version: 1.0.30
 codeql/ssa:
- version: 1.0.13
+ version: 2.0.6
 codeql/tutorial:
- version: 1.0.13
+ version: 1.0.30
 codeql/typeflow:
- version: 1.0.13
+ version: 1.0.30
 codeql/typetracking:
- version: 1.0.13
+ version: 2.0.14
 codeql/util:
- version: 2.0.0
+ version: 2.0.17
 codeql/xml:
- version: 1.0.13
+ version: 1.0.30
 compiled: false
diff --git a/go/src/codeql-pack.lock.yml b/go/src/codeql-pack.lock.yml
index a3cbfd5..9c9d2cf 100644
--- a/go/src/codeql-pack.lock.yml
+++ b/go/src/codeql-pack.lock.yml
@@ -1,20 +1,22 @@
 ---
 lockVersion: 1.0.0
 dependencies:
+ codeql/controlflow:
+ version: 2.0.14
 codeql/dataflow:
- version: 1.1.7
+ version: 2.0.14
 codeql/go-all:
- version: 3.0.0
+ version: 4.3.3
 codeql/mad:
- version: 1.0.13
+ version: 1.0.30
 codeql/ssa:
- version: 1.0.13
+ version: 2.0.6
 codeql/threat-models:
- version: 1.0.13
+ version: 1.0.30
 codeql/tutorial:
- version: 1.0.13
+ version: 1.0.30
 codeql/typetracking:
- version: 1.0.13
+ version: 2.0.14
 codeql/util:
- version: 2.0.0
+ version: 2.0.17
 compiled: false
diff --git a/go/src/security/MissingMinVersionTLS/MissingMinVersionTLS.ql b/go/src/security/MissingMinVersionTLS/MissingMinVersionTLS.ql
index b79bb8b..8a544a0 100644
--- a/go/src/security/MissingMinVersionTLS/MissingMinVersionTLS.ql
+++ b/go/src/security/MissingMinVersionTLS/MissingMinVersionTLS.ql
@@ -94,12 +94,12 @@ predicate configOrConfigPointer(Type t) {
 ) or exists(Type tp | tp.hasQualifiedName("crypto/tls", "Config") and
- t.(NamedType).getUnderlyingType().(StructType).hasField(_, tp)
+ t.(DefinedType).getUnderlyingType().(StructType).hasField(_, tp)
 ) or exists(Type tp, Type tp2 | tp.hasQualifiedName("crypto/tls", "Config") and tp2 = tp.getPointerType+() and
- t.(NamedType).getUnderlyingType().(StructType).hasField(_, tp2)
+ t.(DefinedType).getUnderlyingType().(StructType).hasField(_, tp2)
 ) }
@@ -149,4 +149,4 @@ where
 ) else any()
-select configStruct, "TLS.Config.MinVersion is never set for variable $@ ", v, v.getName()
\ No newline at end of file
+select configStruct, "TLS.Config.MinVersion is never set for variable $@ ", v, v.getName()
diff --git a/go/test/codeql-pack.lock.yml b/go/test/codeql-pack.lock.yml
index a3cbfd5..9c9d2cf 100644
--- a/go/test/codeql-pack.lock.yml
+++ b/go/test/codeql-pack.lock.yml
@@ -1,20 +1,22 @@
 ---
 lockVersion: 1.0.0
 dependencies:
+ codeql/controlflow:
+ version: 2.0.14
 codeql/dataflow:
- version: 1.1.7
+ version: 2.0.14
 codeql/go-all:
- version: 3.0.0
+ version: 4.3.3
 codeql/mad:
- version: 1.0.13
+ version: 1.0.30
 codeql/ssa:
- version: 1.0.13
+ version: 2.0.6
 codeql/threat-models:
- version: 1.0.13
+ version: 1.0.30
 codeql/tutorial:
- version: 1.0.13
+ version: 1.0.30
 codeql/typetracking:
- version: 1.0.13
+ version: 2.0.14
 codeql/util:
- version: 2.0.0
+ version: 2.0.17
 compiled: false
diff --git a/java/src/codeql-pack.lock.yml b/java/src/codeql-pack.lock.yml
index b1acfc0..f55d5af 100644
--- a/java/src/codeql-pack.lock.yml
+++ b/java/src/codeql-pack.lock.yml
@@ -1,28 +1,32 @@
 ---
 lockVersion: 1.0.0
 dependencies:
+ codeql/controlflow:
+ version: 2.0.14
 codeql/dataflow:
- version: 1.1.5
+ version: 2.0.14
 codeql/java-all:
- version: 4.2.0
+ version: 7.6.1
 codeql/mad:
- version: 1.0.11
+ version: 1.0.30
+ codeql/quantum:
+ version: 0.0.8
 codeql/rangeanalysis:
- version: 1.0.11
+ version: 1.0.30
 codeql/regex:
- version: 1.0.11
+ version: 1.0.30
 codeql/ssa:
- version: 1.0.11
+ version: 2.0.6
 codeql/threat-models:
- version: 1.0.11
+ version: 1.0.30
 codeql/tutorial:
- version: 1.0.11
+ version: 1.0.30
 codeql/typeflow:
- version: 1.0.11
+ version: 1.0.30
 codeql/typetracking:
- version: 1.0.11
+ version: 2.0.14
 codeql/util:
- version: 1.0.11
+ version: 2.0.17
 codeql/xml:
- version: 1.0.11
+ version: 1.0.30
 compiled: false
diff --git a/java/test/codeql-pack.lock.yml b/java/test/codeql-pack.lock.yml
index b1acfc0..f55d5af 100644
--- a/java/test/codeql-pack.lock.yml
+++ b/java/test/codeql-pack.lock.yml
@@ -1,28 +1,32 @@
 ---
 lockVersion: 1.0.0
 dependencies:
+ codeql/controlflow:
+ version: 2.0.14
 codeql/dataflow:
- version: 1.1.5
+ version: 2.0.14
 codeql/java-all:
- version: 4.2.0
+ version: 7.6.1
 codeql/mad:
- version: 1.0.11
+ version: 1.0.30
+ codeql/quantum:
+ version: 0.0.8
 codeql/rangeanalysis:
- version: 1.0.11
+ version: 1.0.30
 codeql/regex:
- version: 1.0.11
+ version: 1.0.30
 codeql/ssa:
- version: 1.0.11
+ version: 2.0.6
 codeql/threat-models:
- version: 1.0.11
+ version: 1.0.30
 codeql/tutorial:
- version: 1.0.11
+ version: 1.0.30
 codeql/typeflow:
- version: 1.0.11
+ version: 1.0.30
 codeql/typetracking:
- version: 1.0.11
+ version: 2.0.14
 codeql/util:
- version: 1.0.11
+ version: 2.0.17
 codeql/xml:
- version: 1.0.11
+ version: 1.0.30
 compiled: false
From af09db8db8fe3902153817387ab9a2c1e6ff793f Mon Sep 17 00:00:00 2001
From: Matt Schwager
Date: Thu, 11 Sep 2025 14:31:24 -0400
Subject: [PATCH 2/3] Verbose testing
---
 .github/workflows/test.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 458e78e..a55dd8d 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -14,6 +14,4 @@ jobs:
 uses: github/codeql-action/init@v3
 - name: Run tests
 run: |
- ${{ steps.init.outputs.codeql-path }} test run ./cpp/test/
- ${{ steps.init.outputs.codeql-path }} test run ./go/test/
- ${{ steps.init.outputs.codeql-path }} test run ./java/test/
+ ${{ steps.init.outputs.codeql-path }} test run -vvv ./java/test/
From f4c41012a714481bfe67f119e942010b77e04e77 Mon Sep 17 00:00:00 2001
From: Matt Schwager
Date: Fri, 12 Sep 2025 08:24:59 -0400
Subject: [PATCH 3/3] Try manual codeql installation
---
 .github/workflows/test.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index a55dd8d..3bf0224 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
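Review bot: The Run tests step now exercises only `./java/test/`; the `./cpp/test/` and `./go/test/` invocations dropped on the three `-` lines are not re-added anywhere in this hunk, so the Go query edited in the first patch (MissingMinVersionTLS.ql) and the cpp pack have no CI coverage after this commit. If narrowing to one suite and adding `-vvv` is a temporary debugging aid, as the subject "Verbose testing" suggests, it should be reverted before merge; otherwise keep all three runs, e.g. `${{ steps.init.outputs.codeql-path }} test run -vvv ./cpp/test/ ./go/test/ ./java/test/`, which passes every suite to one invocation. The `jobs:` mapping enclosing this step starts outside the hunk.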
@@ -10,8 +10,11 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4
- - id: init
- uses: github/codeql-action/init@v3
 - name: Run tests
 run: |
- ${{ steps.init.outputs.codeql-path }} test run -vvv ./java/test/
+ wget https://github.com/github/codeql-cli-binaries/releases/download/v2.23.0/codeql-linux64.zip
+ unzip codeql-linux64.zip
+ ./codeql/codeql --version
+ ./codeql/codeql pack install ./java/src/
+ ./codeql/codeql pack install ./java/test/
+ ./codeql/codeql test run -vvv ./java/test/
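Review bot: The `wget` line downloads the CodeQL CLI archive and the following `unzip` / `./codeql/codeql` lines execute its contents with no integrity check: the version is pinned to v2.23.0, but nothing confirms the bytes received are the ones GitHub published, so a tampered or substituted archive would run inside the job with whatever credentials the job holds. Record the archive's SHA-256 once and verify it before unpacking, e.g. insert `echo "<expected-sha256>  codeql-linux64.zip" | sha256sum -c -` between the `wget` and `unzip` lines; take the digest from the release's published checksums if it provides them, otherwise compute it from a download you have inspected and commit that value. This replaces the `github/codeql-action/init@v3` step removed on the `-` lines, which previously owned the CLI download, so the pinning and verification responsibility now sits in this workflow. Separately, only `./java/test/` is exercised; the cpp and go suites are still not run after this change. The `jobs:` mapping enclosing this step starts outside the hunk.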