github
diff --git a/‎CONTRIBUTING.md‎
Lines changed: 7 additions & 7 deletions b/‎CONTRIBUTING.md‎
Lines changed: 7 additions & 7 deletions
diff --git a/‎README.md‎
Lines changed: 2 additions & 2 deletions b/‎README.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎change-notes/1.24/analysis-cpp.md‎
Lines changed: 1 addition & 0 deletions b/‎change-notes/1.24/analysis-cpp.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎change-notes/1.24/analysis-javascript.md‎
Lines changed: 3 additions & 0 deletions b/‎change-notes/1.24/analysis-javascript.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎cpp/ql/src/Critical/NewDelete.qll‎
Lines changed: 1 addition & 0 deletions b/‎cpp/ql/src/Critical/NewDelete.qll‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎cpp/ql/src/semmle/code/cpp/Variable.qll‎
Lines changed: 43 additions & 0 deletions b/‎cpp/ql/src/semmle/code/cpp/Variable.qll‎
Lines changed: 43 additions & 0 deletions
diff --git a/‎cpp/ql/src/semmle/code/cpp/controlflow/internal/CFG.qll‎
Lines changed: 1 addition & 2 deletions b/‎cpp/ql/src/semmle/code/cpp/controlflow/internal/CFG.qll‎
Lines changed: 1 addition & 2 deletions
@@ -6,22 +6,22 @@ Before we accept your pull request, we require that you have agreed to our Contr
 
 ## Adding a new query
 
-If you have an idea for a query that you would like to share with other Semmle users, please open a pull request to add it to this repository. 
-Follow the steps below to help other users understand what your query does, and to ensure that your query is consistent with the other Semmle queries.
+If you have an idea for a query that you would like to share with other CodeQL users, please open a pull request to add it to this repository.
+Follow the steps below to help other users understand what your query does, and to ensure that your query is consistent with the other CodeQL queries.
 
 1. **Consult the documentation for query writers**
 
    There is lots of useful documentation to help you write queries, ranging from information about query file structure to tutorials for specific target languages. For more information on the documentation available, see [Writing CodeQL queries](https://help.semmle.com/QL/learn-ql/writing-queries/writing-queries.html) on [help.semmle.com](https://help.semmle.com).
 
 2. **Format your code correctly**
 
-   All of Semmle's standard queries and libraries are uniformly formatted for clarity and consistency, so we strongly recommend that all contributions follow the same formatting guidelines. If you use CodeQL for VS Code, you can autoformat your query in the [Editor](https://help.semmle.com/codeql/codeql-for-vscode/reference/editor.html#autoformatting). For more information, see the [CodeQL style guide](https://github.com/Semmle/ql/blob/master/docs/ql-style-guide.md).
+   All CodeQL standard queries and libraries are uniformly formatted for clarity and consistency, so we strongly recommend that all contributions follow the same formatting guidelines. If you use CodeQL for VS Code, you can autoformat your query in the [Editor](https://help.semmle.com/codeql/codeql-for-vscode/reference/editor.html#autoformatting). For more information, see the [CodeQL style guide](https://github.com/Semmle/ql/blob/master/docs/ql-style-guide.md).
 
 3. **Make sure your query has the correct metadata**
 
-   Query metadata is used by Semmle's analysis to identify your query and make sure the query results are displayed properly. 
+   Query metadata is used to identify your query and make sure the query results are displayed properly.
    The most important metadata to include are the `@name`, `@description`, and the `@kind`.
-   Other metadata properties (`@precision`, `@severity`, and `@tags`) are usually added after the query has been reviewed by Semmle staff.
+   Other metadata properties (`@precision`, `@severity`, and `@tags`) are usually added after the query has been reviewed by GitHub staff.
    For more information on writing query metadata, see the [Query metadata style guide](https://github.com/Semmle/ql/blob/master/docs/query-metadata-style-guide.md).
 
 4. **Make sure the `select` statement is compatible with the query type**
@@ -39,11 +39,11 @@ Follow the steps below to help other users understand what your query does, and
      * JavaScript: `ql/javascript/ql/src`
      * Python: `ql/python/ql/src`
 
-   Each language-specific directory contains further subdirectories that group queries based on their `@tags` properties or purpose. Select the appropriate subdirectory for your new query, or create a new one if necessary. 
+   Each language-specific directory contains further subdirectories that group queries based on their `@tags` properties or purpose. Select the appropriate subdirectory for your new query, or create a new one if necessary.
 
 6. **Write a query help file**
 
-   Query help files explain the purpose of your query to other users. Write your query help in a `.qhelp` file and save it in the same directory as your new query. 
+   Query help files explain the purpose of your query to other users. Write your query help in a `.qhelp` file and save it in the same directory as your new query.
    For more information on writing query help, see the [Query help style guide](https://github.com/Semmle/ql/blob/master/docs/query-help-style-guide.md).
 
 7. **Maintain backwards compatibility**
 
@@ -1,6 +1,6 @@
 # CodeQL
 
-This open source repository contains the standard CodeQL libraries and queries that power [LGTM](https://lgtm.com), and the other products that [Semmle](https://semmle.com) makes available to its customers worldwide.
+This open source repository contains the standard CodeQL libraries and queries that power [LGTM](https://lgtm.com) and the other CodeQL products that [GitHub](https://github.com) makes available to its customers worldwide.
 
 ## How do I learn CodeQL and run queries?
 
@@ -13,4 +13,4 @@ We welcome contributions to our standard library and standard checks. Do you hav
 
 ## License
 
-The code in this repository is licensed under [Apache License 2.0](LICENSE) by [Semmle](https://semmle.com).
+The code in this repository is licensed under [Apache License 2.0](LICENSE) by [GitHub](https://github.com).
@@ -18,6 +18,7 @@ The following changes in version 1.24 affect C/C++ analysis in all applications.
 | No space for zero terminator (`cpp/no-space-for-terminator`) | More true positive results | This query now identifies a wider variety of buffer allocations using the `semmle.code.cpp.models.interfaces.Allocation` library. |
 | Memory is never freed (`cpp/memory-never-freed`) | More true positive results | This query now identifies a wider variety of buffer allocations using the `semmle.code.cpp.models.interfaces.Allocation` library. |
 | Memory may not be freed (`cpp/memory-may-not-be-freed`) | More true positive results | This query now identifies a wider variety of buffer allocations using the `semmle.code.cpp.models.interfaces.Allocation` library. |
+| Mismatching new/free or malloc/delete (`cpp/new-free-mismatch`) | Fewer false positive results | Fixed false positive results in template code. |
 | Missing return statement (`cpp/missing-return`) | Fewer false positive results | Functions containing `asm` statements are no longer highlighted by this query. |
 | No space for zero terminator (`cpp/no-space-for-terminator`) | More correct results | String arguments to formatting functions are now (usually) expected to be null terminated strings. |
 | Hard-coded Japanese era start date (`cpp/japanese-era/exact-era-date`) |  | This query is no longer run on LGTM. |
 
@@ -33,6 +33,7 @@
   - [for-own](https://www.npmjs.com/package/for-own)
   - [http2](https://nodejs.org/api/http2.html)
   - [lazy-cache](https://www.npmjs.com/package/lazy-cache)
+  - [mongodb](https://www.npmjs.com/package/mongodb)
   - [react](https://www.npmjs.com/package/react)
   - [request](https://www.npmjs.com/package/request)
   - [send](https://www.npmjs.com/package/send)
@@ -67,6 +68,8 @@
 | Uncontrolled command line (`js/command-line-injection`) | More results | This query now recognizes additional ways of constructing arguments to `cmd.exe` and `/bin/sh`. |
 | Syntax error (`js/syntax-error`) | Lower severity | This results of this query are now displayed with lower severity. |
 | Use of password hash with insufficient computational effort (`js/insufficient-password-hash`) | Fewer false positive results | This query now recognizes additional cases that do not require secure hashing. |
+| Useless regular-expression character escape (`js/useless-regexp-character-escape`) | Fewer false positive results | This query now distinguishes escapes in strings and regular expression literals. |
+| Identical operands (`js/redundant-operation`) | Fewer results | This query now recognizes cases where the operands change a value using ++/-- expressions. |
 
 ## Changes to libraries
 
 
@@ -12,6 +12,7 @@ import semmle.code.cpp.dataflow.DataFlow
  */
 predicate allocExpr(Expr alloc, string kind) {
   isAllocationExpr(alloc) and
+  not alloc.isFromUninstantiatedTemplate(_) and
   (
     alloc instanceof FunctionCall and
     kind = "malloc"
 
@@ -366,6 +366,49 @@ class LocalVariable extends LocalScopeVariable, @localvariable {
   }
 }
 
+/**
+ * A variable whose contents always have static storage duration. This can be a
+ * global variable, a namespace variable, a static local variable, or a static
+ * member variable.
+ */
+class StaticStorageDurationVariable extends Variable {
+  StaticStorageDurationVariable() {
+    this instanceof GlobalOrNamespaceVariable
+    or
+    this.(LocalVariable).isStatic()
+    or
+    this.(MemberVariable).isStatic()
+  }
+
+  /**
+   * Holds if the initializer for this variable is evaluated at compile time.
+   */
+  predicate hasConstantInitialization() {
+    not runtimeExprInStaticInitializer(this.getInitializer().getExpr())
+  }
+}
+
+/**
+ * Holds if `e` is an expression in a static initializer that must be evaluated
+ * at run time. This predicate computes "is non-const" instead of "is const"
+ * since computing "is const" for an aggregate literal with many children would
+ * either involve recursion through `forall` on those children or an iteration
+ * through the rank numbers of the children, both of which can be slow.
+ */
+private predicate runtimeExprInStaticInitializer(Expr e) {
+  inStaticInitializer(e) and
+  if e instanceof AggregateLiteral
+  then runtimeExprInStaticInitializer(e.getAChild())
+  else not e.getFullyConverted().isConstant()
+}
+
+/** Holds if `e` is part of the initializer of a `StaticStorageDurationVariable`. */
+private predicate inStaticInitializer(Expr e) {
+  exists(StaticStorageDurationVariable var | e = var.getInitializer().getExpr())
+  or
+  inStaticInitializer(e.getParent())
+}
+
 /**
  * A C/C++ variable which has global scope or namespace scope. For example the
  * variables `a` and `b` in the following code:
 
@@ -443,8 +443,7 @@ private Node getControlOrderChildSparse(Node n, int i) {
 private predicate skipInitializer(Initializer init) {
   exists(LocalVariable local |
     init = local.getInitializer() and
-    local.isStatic() and
-    not runtimeExprInStaticInitializer(init.getExpr())
+    local.(StaticStorageDurationVariable).hasConstantInitialization()
   )
 }
Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,7 @@ import semmle.code.cpp.dataflow.DataFlow`
`12`	`12`	`*/`
`13`	`13`	`predicate allocExpr(Expr alloc, string kind) {`
`14`	`14`	`isAllocationExpr(alloc) and`
	`15`	`+ not alloc.isFromUninstantiatedTemplate(_) and`
`15`	`16`	`(`
`16`	`17`	`alloc instanceof FunctionCall and`
`17`	`18`	`kind = "malloc"`
Original file line number	Diff line number	Diff line change
`@@ -443,8 +443,7 @@ private Node getControlOrderChildSparse(Node n, int i) {`
`443`	`443`	`private predicate skipInitializer(Initializer init) {`
`444`	`444`	`exists(LocalVariable local \|`
`445`	`445`	`init = local.getInitializer() and`
`446`		`- local.isStatic() and`
`447`		`- not runtimeExprInStaticInitializer(init.getExpr())`
	`446`	`+ local.(StaticStorageDurationVariable).hasConstantInitialization()`
`448`	`447`	`)`
`449`	`448`	`}`
`450`	`449`