codeql-development-mcp-server 2.24.2-rc2 → 2.24.2-rc3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql-development-mcp-server",
-  "version": "2.24.2-rc2",
+  "version": "2.24.2-rc3",
   "description": "An MCP server supporting LLM requests for CodeQL development tools and resources.",
   "main": "dist/codeql-development-mcp-server.js",
   "type": "module",

package/ql/actions/tools/src/PrintAST/PrintAST.md

@@ -0,0 +1,53 @@
+# Print AST for GitHub Actions
+
+Outputs a representation of the Abstract Syntax Tree (AST) for GitHub Actions workflows and composite actions.
+
+## Overview
+
+The Abstract Syntax Tree is a hierarchical representation of source code structure. Each node represents a syntactic construct (job, step, expression, etc.) and edges represent parent-child containment relationships.
+
+This query produces the full AST for specified GitHub Actions YAML files, which is useful for understanding workflow structure, inspecting how the CodeQL extractor parses action definitions, and debugging query logic that operates on AST nodes.
+
+## Use Cases
+
+This query is primarily used for:
+
+- Inspecting how CodeQL represents workflow structure
+- Debugging queries that match on AST node types
+- Understanding parent-child relationships between jobs, steps, and expressions
+- Verifying extractor behavior for composite actions and reusable workflows
+- IDE integration for syntax tree visualization
+
+## Example
+
+The following GitHub Actions workflow demonstrates AST structure through jobs and steps:
+
+```yaml
+name: Example Workflow
+on: [push]
+jobs:
+  build: # Job node in AST
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2 # Step node in AST
+      - name: Build
+        run: make build # Run step with expression
+```
+
+In the resulting AST:
+
+- The workflow root contains job definitions as children
+- Each job contains step nodes
+- `uses` and `run` steps produce distinct AST node types
+
+## Output Format
+
+The query produces a graph via the `PrintAstConfiguration` library:
+
+- `nodes`: Each AST node with its type, label, and properties
+- `edges`: Parent-child relationships forming the syntax tree
+
+## References
+
+- [GitHub Actions Workflow Syntax](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions)
+- [CodeQL Abstract Syntax Trees](https://codeql.github.com/docs/writing-codeql-queries/abstract-syntax-tree/)

package/ql/actions/tools/src/PrintCFG/PrintCFG.md

@@ -26,11 +26,11 @@ The following GitHub Actions workflow demonstrates control flow through jobs and
 name: Example Workflow
 on: [push]
 jobs:
-  test: # COMPLIANT - Job creates CFG node
+  test: # Job creates CFG node
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2 # COMPLIANT - Step creates CFG node
-      - name: Run tests # COMPLIANT - Steps execute sequentially
+      - uses: actions/checkout@v2 # Step creates CFG node
+      - name: Run tests # Steps execute sequentially
         run: echo "Testing"
 ```
 

package/ql/actions/tools/src/codeql-pack.yml

@@ -1,5 +1,5 @@
 name: advanced-security/ql-mcp-actions-tools-src
-version: 2.24.2-rc2
+version: 2.24.2-rc3
 description: 'Queries for codeql-development-mcp-server tools for actions language'
 library: false
 dependencies:

package/ql/cpp/tools/src/CallGraphFrom/CallGraphFrom.md

@@ -0,0 +1,45 @@
+# CallGraphFrom for C++
+
+Displays calls made from a specified function, showing the call graph outbound from the source function.
+
+## Overview
+
+This query identifies all function calls made within the body of a named function, producing an outbound call graph. Given a source function name, it reports each call site and the callee, which is useful for understanding function dependencies and call chains.
+
+The query accepts function names via an external predicate (`sourceFunction`) and supports both simple and qualified name matching.
+
+## Use Cases
+
+This query is primarily used for:
+
+- Mapping outbound dependencies of a specific function
+- Understanding what a function calls and in what order
+- Analyzing call chains for refactoring or security review
+- IDE integration for call hierarchy navigation
+
+## Example
+
+The following C++ code demonstrates outbound calls from `sourceFunc`:
+
+```cpp
+void helper1() {}
+void helper2() { helper1(); }
+
+void sourceFunc() {  // Source function for analysis
+    helper1();
+    helper2();
+}
+```
+
+Running with `sourceFunction = "sourceFunc"` produces results showing each call site with the message pattern `Call from 'sourceFunc' to 'helper1'`.
+
+## Output Format
+
+The query is a `@kind problem` query producing rows of:
+
+- `select call, "Call from 'source' to 'callee'"`
+
+## References
+
+- [C++ Functions](https://en.cppreference.com/w/cpp/language/functions)
+- [CodeQL Call Graph Analysis](https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/)

package/ql/cpp/tools/src/CallGraphTo/CallGraphTo.md

@@ -0,0 +1,42 @@
+# CallGraphTo for C++
+
+Displays calls made to a specified function, showing the call graph inbound to the target function.
+
+## Overview
+
+This query identifies all call sites that invoke a named function, producing an inbound call graph. Given a target function name, it reports each caller and call location, which is useful for understanding how a function is used across the codebase.
+
+The query accepts function names via an external predicate (`targetFunction`) and supports both simple and qualified name matching.
+
+## Use Cases
+
+This query is primarily used for:
+
+- Finding all callers of a specific function
+- Impact analysis before modifying a function signature
+- Understanding usage patterns and entry points
+- IDE integration for call hierarchy navigation
+
+## Example
+
+The following C++ code demonstrates inbound calls to `targetFunc`:
+
+```cpp
+void targetFunc() {}              // Target function for analysis
+
+void caller1() { targetFunc(); }
+void caller2() { targetFunc(); }
+```
+
+Running with `targetFunction = "targetFunc"` produces results showing each call site with the message pattern `Call to 'targetFunc' from 'caller1'`.
+
+## Output Format
+
+The query is a `@kind problem` query producing rows of:
+
+- `select call, "Call to 'target' from 'caller'"`
+
+## References
+
+- [C++ Functions](https://en.cppreference.com/w/cpp/language/functions)
+- [CodeQL Call Graph Analysis](https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/)

package/ql/cpp/tools/src/PrintAST/PrintAST.md

@@ -0,0 +1,58 @@
+# Print AST for C++
+
+Outputs a representation of the Abstract Syntax Tree (AST) for specified source files.
+
+## Overview
+
+The Abstract Syntax Tree is a hierarchical representation of source code structure. Each node represents a syntactic construct (declaration, statement, expression, etc.) and edges represent parent-child containment relationships.
+
+This query produces the full AST for specified C++ source files, which is useful for understanding code structure, inspecting how the CodeQL extractor parses declarations and expressions, and debugging query logic that operates on AST nodes.
+
+## Use Cases
+
+This query is primarily used for:
+
+- Inspecting how CodeQL represents C++ declarations and expressions
+- Debugging queries that match on AST node types
+- Understanding parent-child relationships between classes, functions, and statements
+- Verifying extractor behavior for templates, macros, and overloaded operators
+- IDE integration for syntax tree visualization
+
+## Example
+
+The following C++ code demonstrates AST structure through declarations and statements:
+
+```cpp
+#include <iostream>
+
+class Example {
+public:
+    void greet(const std::string& name) {  // Function declaration in AST
+        std::cout << "Hello, " << name << "!" << std::endl;
+    }
+};
+
+int main() {  // Top-level declaration
+    Example e;
+    e.greet("World");
+    return 0;
+}
+```
+
+In the resulting AST:
+
+- The class declaration contains member function declarations as children
+- Each function body contains a statement list
+- Call expressions reference their target and arguments as child nodes
+
+## Output Format
+
+The query produces a graph via the `PrintAstConfiguration` library:
+
+- `nodes`: Each AST node with its type, label, and properties
+- `edges`: Parent-child relationships forming the syntax tree
+
+## References
+
+- [C++ Language Reference](https://en.cppreference.com/w/cpp/language)
+- [CodeQL Abstract Syntax Trees](https://codeql.github.com/docs/writing-codeql-queries/abstract-syntax-tree/)

package/ql/cpp/tools/src/PrintCFG/PrintCFG.md

@@ -25,13 +25,13 @@ The following C++ code demonstrates control flow through conditional statements
 ```cpp
 void example(int x) {
     int result = 0;
-    if (x > 0) {                     // COMPLIANT - Branching creates CFG edges
+    if (x > 0) {  // Branching creates CFG edges
         result = 1;
     } else {
         result = -1;
     }
 
-    for (int i = 0; i < 3; i++) {    // COMPLIANT - Loop creates cyclic CFG
+    for (int i = 0; i < 3; i++) {  // Loop creates cyclic CFG
         result = result + i;
     }
 }

package/ql/cpp/tools/src/codeql-pack.yml

@@ -1,5 +1,5 @@
 name: advanced-security/ql-mcp-cpp-tools-src
-version: 2.24.2-rc2
+version: 2.24.2-rc3
 description: 'Queries for codeql-development-mcp-server tools for cpp language'
 library: false
 dependencies:

package/ql/csharp/tools/src/CallGraphFrom/CallGraphFrom.md

@@ -0,0 +1,45 @@
+# CallGraphFrom for `csharp` Source Files
+
+Displays calls made from a specified method, showing the call graph outbound from the source method.
+
+## Overview
+
+This query identifies all method calls made within the body of a named method, producing an outbound call graph. Given a source method name, it reports each call site and the callee, which is useful for understanding method dependencies and call chains.
+
+The query accepts method names via an external predicate (`sourceFunction`).
+
+## Use Cases
+
+This query is primarily used for:
+
+- Mapping outbound dependencies of a specific method
+- Understanding what a method calls and in what order
+- Analyzing call chains for refactoring or security review
+- IDE integration for call hierarchy navigation
+
+## Example
+
+The following C# code demonstrates outbound calls from `SourceMethod`:
+
+```csharp
+void Helper1() {}
+void Helper2() { Helper1(); }
+
+void SourceMethod() {  // Source method for analysis
+    Helper1();
+    Helper2();
+}
+```
+
+Running with `sourceFunction = "SourceMethod"` produces results showing each call site with the message pattern `Call from 'SourceMethod' to 'Helper1'`.
+
+## Output Format
+
+The query is a `@kind problem` query producing rows of:
+
+- `select call, "Call from 'source' to 'callee'"`
+
+## References
+
+- [C# Methods](https://learn.microsoft.com/en-us/dotnet/csharp/methods)
+- [CodeQL Call Graph Analysis](https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/)

package/ql/csharp/tools/src/CallGraphTo/CallGraphTo.md

@@ -0,0 +1,42 @@
+# CallGraphTo for `csharp` Source Files
+
+Displays calls made to a specified method, showing the call graph inbound to the target method.
+
+## Overview
+
+This query identifies all call sites that invoke a named method, producing an inbound call graph. Given a target method name, it reports each caller and call location, which is useful for understanding how a method is used across the codebase.
+
+The query accepts method names via an external predicate (`targetFunction`).
+
+## Use Cases
+
+This query is primarily used for:
+
+- Finding all callers of a specific method
+- Impact analysis before modifying a method signature
+- Understanding usage patterns and entry points
+- IDE integration for call hierarchy navigation
+
+## Example
+
+The following C# code demonstrates inbound calls to `TargetMethod`:
+
+```csharp
+void TargetMethod() {}            // Target method for analysis
+
+void Caller1() { TargetMethod(); }
+void Caller2() { TargetMethod(); }
+```
+
+Running with `targetFunction = "TargetMethod"` produces results showing each call site with the message pattern `Call to 'TargetMethod' from 'Caller1'`.
+
+## Output Format
+
+The query is a `@kind problem` query producing rows of:
+
+- `select call, "Call to 'target' from 'caller'"`
+
+## References
+
+- [C# Methods](https://learn.microsoft.com/en-us/dotnet/csharp/methods)
+- [CodeQL Call Graph Analysis](https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/)

package/ql/csharp/tools/src/PrintAST/PrintAST.md

@@ -0,0 +1,56 @@
+# Print AST for `csharp` Source Files
+
+Outputs a representation of the Abstract Syntax Tree (AST) for specified source files.
+
+## Overview
+
+The Abstract Syntax Tree is a hierarchical representation of source code structure. Each node represents a syntactic construct (declaration, statement, expression, etc.) and edges represent parent-child containment relationships.
+
+This query produces the full AST for specified C# source files, which is useful for understanding code structure, inspecting how the CodeQL extractor parses classes and methods, and debugging query logic that operates on AST nodes.
+
+## Use Cases
+
+This query is primarily used for:
+
+- Inspecting how CodeQL represents C# classes, methods, and expressions
+- Debugging queries that match on AST node types
+- Understanding parent-child relationships between namespaces, types, and members
+- Verifying extractor behavior for generics, LINQ, and async/await patterns
+- IDE integration for syntax tree visualization
+
+## Example
+
+The following C# code demonstrates AST structure through class and method declarations:
+
+```csharp
+using System;
+
+public class Example {
+    public void Greet(string name) {  // Method declaration in AST
+        Console.WriteLine($"Hello, {name}!");
+    }
+
+    public static void Main(string[] args) {  // Entry point declaration
+        var e = new Example();
+        e.Greet("World");
+    }
+}
+```
+
+In the resulting AST:
+
+- The class declaration contains method declarations as children
+- Each method body contains a block with statement nodes
+- Call expressions reference their target and arguments as child nodes
+
+## Output Format
+
+The query produces a graph via the `PrintAstConfiguration` library:
+
+- `nodes`: Each AST node with its type, label, and properties
+- `edges`: Parent-child relationships forming the syntax tree
+
+## References
+
+- [C# Language Reference](https://learn.microsoft.com/en-us/dotnet/csharp/)
+- [CodeQL Abstract Syntax Trees](https://codeql.github.com/docs/writing-codeql-queries/abstract-syntax-tree/)

package/ql/csharp/tools/src/PrintCFG/PrintCFG.md

@@ -24,13 +24,13 @@ The following C# code demonstrates control flow through conditional statements a
 
 ```csharp
 public void Example(int x) {
-    if (x > 0) {                     // COMPLIANT - Branching creates CFG edges
+    if (x > 0) {  // Branching creates CFG edges
         Console.WriteLine("Positive");
     } else {
         Console.WriteLine("Non-positive");
     }
 
-    for (int i = 0; i < 3; i++) {    // COMPLIANT - Loop creates cyclic CFG
+    for (int i = 0; i < 3; i++) {  // Loop creates cyclic CFG
         Console.WriteLine(i);
     }
 }

package/ql/csharp/tools/src/codeql-pack.yml

@@ -1,5 +1,5 @@
 name: advanced-security/ql-mcp-csharp-tools-src
-version: 2.24.2-rc2
+version: 2.24.2-rc3
 description: 'Queries for codeql-development-mcp-server tools for csharp language'
 library: false
 dependencies:

package/ql/go/tools/src/CallGraphFrom/CallGraphFrom.md

@@ -0,0 +1,45 @@
+# CallGraphFrom for Go
+
+Displays calls made from a specified function, showing the call graph outbound from the source function.
+
+## Overview
+
+This query identifies all function calls made within the body of a named function, producing an outbound call graph. Given a source function name, it reports each call site and the callee, which is useful for understanding function dependencies and call chains.
+
+The query accepts function names via an external predicate (`sourceFunction`).
+
+## Use Cases
+
+This query is primarily used for:
+
+- Mapping outbound dependencies of a specific function
+- Understanding what a function calls and in what order
+- Analyzing call chains for refactoring or security review
+- IDE integration for call hierarchy navigation
+
+## Example
+
+The following Go code demonstrates outbound calls from `sourceFunc`:
+
+```go
+func helper1() {}
+func helper2() { helper1() }
+
+func sourceFunc() {  // Source function for analysis
+    helper1()
+    helper2()
+}
+```
+
+Running with `sourceFunction = "sourceFunc"` produces results showing each call site with the message pattern `Call from 'sourceFunc' to 'helper1'`.
+
+## Output Format
+
+The query is a `@kind problem` query producing rows of:
+
+- `select call, "Call from 'source' to 'callee'"`
+
+## References
+
+- [Go Functions](https://go.dev/doc/effective_go#functions)
+- [CodeQL Call Graph Analysis](https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/)

package/ql/go/tools/src/CallGraphTo/CallGraphTo.md

@@ -0,0 +1,42 @@
+# CallGraphTo for Go
+
+Displays calls made to a specified function, showing the call graph inbound to the target function.
+
+## Overview
+
+This query identifies all call sites that invoke a named function, producing an inbound call graph. Given a target function name, it reports each caller and call location, which is useful for understanding how a function is used across the codebase.
+
+The query accepts function names via an external predicate (`targetFunction`).
+
+## Use Cases
+
+This query is primarily used for:
+
+- Finding all callers of a specific function
+- Impact analysis before modifying a function signature
+- Understanding usage patterns and entry points
+- IDE integration for call hierarchy navigation
+
+## Example
+
+The following Go code demonstrates inbound calls to `targetFunc`:
+
+```go
+func targetFunc() {}              // Target function for analysis
+
+func caller1() { targetFunc() }
+func caller2() { targetFunc() }
+```
+
+Running with `targetFunction = "targetFunc"` produces results showing each call site with the message pattern `Call to 'targetFunc' from 'caller1'`.
+
+## Output Format
+
+The query is a `@kind problem` query producing rows of:
+
+- `select call, "Call to 'target' from 'caller'"`
+
+## References
+
+- [Go Functions](https://go.dev/doc/effective_go#functions)
+- [CodeQL Call Graph Analysis](https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/)

package/ql/go/tools/src/PrintAST/PrintAST.md

@@ -0,0 +1,55 @@
+# Print AST for Go
+
+Outputs a representation of the Abstract Syntax Tree (AST) for specified source files.
+
+## Overview
+
+The Abstract Syntax Tree is a hierarchical representation of source code structure. Each node represents a syntactic construct (declaration, statement, expression, etc.) and edges represent parent-child containment relationships.
+
+This query produces the full AST for specified Go source files, which is useful for understanding code structure, inspecting how the CodeQL extractor parses packages and functions, and debugging query logic that operates on AST nodes.
+
+## Use Cases
+
+This query is primarily used for:
+
+- Inspecting how CodeQL represents Go packages, functions, and expressions
+- Debugging queries that match on AST node types
+- Understanding parent-child relationships between declarations and statements
+- Verifying extractor behavior for goroutines, channels, and interfaces
+- IDE integration for syntax tree visualization
+
+## Example
+
+The following Go code demonstrates AST structure through function declarations and control flow:
+
+```go
+package main
+
+import "fmt"
+
+func greet(name string) {  // Function declaration in AST
+    fmt.Println("Hello, " + name + "!")
+}
+
+func main() {  // Entry point declaration
+    greet("World")
+}
+```
+
+In the resulting AST:
+
+- The package declaration contains function declarations as children
+- Each function body contains a block with statement nodes
+- Call expressions reference their target and arguments as child nodes
+
+## Output Format
+
+The query produces a graph via the `PrintAstConfiguration` library:
+
+- `nodes`: Each AST node with its type, label, and properties
+- `edges`: Parent-child relationships forming the syntax tree
+
+## References
+
+- [Go Language Specification](https://go.dev/ref/spec)
+- [CodeQL Abstract Syntax Trees](https://codeql.github.com/docs/writing-codeql-queries/abstract-syntax-tree/)

package/ql/go/tools/src/PrintCFG/PrintCFG.md

@@ -24,13 +24,13 @@ The following Go code demonstrates control flow through conditional statements a
 
 ```go
 func example(x int) {
-    if x > 0 {                    // COMPLIANT - Branching creates CFG edges
+    if x > 0 {  // Branching creates CFG edges
         fmt.Println("Positive")
     } else {
         fmt.Println("Non-positive")
     }
 
-    for i := 0; i < 3; i++ {      // COMPLIANT - Loop creates cyclic CFG
+    for i := 0; i < 3; i++ {  // Loop creates cyclic CFG
         fmt.Println(i)
     }
 }

package/ql/go/tools/src/codeql-pack.yml

@@ -1,5 +1,5 @@
 name: advanced-security/ql-mcp-go-tools-src
-version: 2.24.2-rc2
+version: 2.24.2-rc3
 description: 'Queries for codeql-development-mcp-server tools for go language'
 library: false
 dependencies:

package/ql/java/tools/src/CallGraphFrom/CallGraphFrom.md

@@ -0,0 +1,45 @@
+# CallGraphFrom for Java
+
+Displays calls made from a specified method, showing the call graph outbound from the source method.
+
+## Overview
+
+This query identifies all method calls made within the body of a named method, producing an outbound call graph. Given a source method name, it reports each call site and the callee, which is useful for understanding method dependencies and call chains.
+
+The query accepts method names via an external predicate (`sourceFunction`).
+
+## Use Cases
+
+This query is primarily used for:
+
+- Mapping outbound dependencies of a specific method
+- Understanding what a method calls and in what order
+- Analyzing call chains for refactoring or security review
+- IDE integration for call hierarchy navigation
+
+## Example
+
+The following Java code demonstrates outbound calls from `sourceMethod`:
+
+```java
+void helper1() {}
+void helper2() { helper1(); }
+
+void sourceMethod() {  // Source method for analysis
+    helper1();
+    helper2();
+}
+```
+
+Running with `sourceFunction = "sourceMethod"` produces results showing each call site with the message pattern `Call from 'sourceMethod' to 'helper1'`.
+
+## Output Format
+
+The query is a `@kind problem` query producing rows of:
+
+- `select call, "Call from 'source' to 'callee'"`
+
+## References
+
+- [Java Methods](https://docs.oracle.com/javase/tutorial/java/javaOO/methods.html)
+- [CodeQL Call Graph Analysis](https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/)