From ca913b452c96ef82ace816014a85c15f838dbc6f Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen
Date: Tue, 15 Jul 2025 20:36:07 +0100
Subject: [PATCH 1/3] C++: Don't summarize calls through function pointers in FunctionWithWrappers.
---
cpp/ql/lib/semmle/code/cpp/security/FunctionWithWrappers.qll | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cpp/ql/lib/semmle/code/cpp/security/FunctionWithWrappers.qll b/cpp/ql/lib/semmle/code/cpp/security/FunctionWithWrappers.qll
index b7a7a95a4271..6d16d58c1ed1 100644
--- a/cpp/ql/lib/semmle/code/cpp/security/FunctionWithWrappers.qll
+++ b/cpp/ql/lib/semmle/code/cpp/security/FunctionWithWrappers.qll
@@ -37,7 +37,7 @@ private predicate wrapperFunctionStep(
 not target.isVirtual() and
 not source.isVirtual() and
 source.hasDefinition() and
- exists(Call call, Expr arg, Parameter sourceParam |
+ exists(FunctionCall call, Expr arg, Parameter sourceParam |
 // there is a 'call' to 'target' with argument 'arg' at index 'targetParamIndex'
 target = resolveCall(call) and
 arg = call.getArgument(targetParamIndex) and
@@ -154,7 +154,7 @@ abstract class FunctionWithWrappers extends Function {
 * Whether 'arg' is an argument in a call to an outermost wrapper function of 'this' function.
 */
 predicate outermostWrapperFunctionCall(Expr arg, string callChain) {
- exists(Function targetFunc, Call call, int argIndex |
+ exists(Function targetFunc, FunctionCall call, int argIndex |
 targetFunc = resolveCall(call) and
 this.wrapperFunction(targetFunc, argIndex, callChain) and
 (
From df4b338c5d2a115db7a0653b81d3293dae773492 Mon Sep 17 00:00:00 2001
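Review bot: Neither predicate records in code why a call made through a function pointer stops being a wrapper step once `exists(FunctionCall call, Expr arg, Parameter sourceParam |` replaces `Call`; the surrounding `not target.isVirtual()` / `not source.isVirtual()` guards make the virtual-dispatch exclusion visible, but the new indirect-call exclusion lives only in the commit subject. A comment on that line, e.g. `// direct calls only: a call through a function pointer is not summarized as a wrapper step`, would keep the rationale with the code, and the same comment fits `exists(Function targetFunc, FunctionCall call, int argIndex |` in outermostWrapperFunctionCall in the second hunk. Because these predicates decide where the injection queries place their primary alert, the QLDoc of outermostWrapperFunctionCall ("Whether 'arg' is an argument in a call to an outermost wrapper function of 'this' function.") could also state that only direct, non-virtual calls are followed. Both wrapperFunctionStep and outermostWrapperFunctionCall start and end outside their hunks.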
From: Mathias Vorreiter Pedersen
Date: Wed, 16 Jul 2025 14:11:09 +0100
Subject: [PATCH 2/3] C++: Add change notes.
---
cpp/ql/lib/change-notes/2025-07-16-FunctionWithWrappers.md | 4 ++++
cpp/ql/src/change-notes/2025-07-16-FunctionWithWrappers.md | 4 ++++
2 files changed, 8 insertions(+)
create mode 100644 cpp/ql/lib/change-notes/2025-07-16-FunctionWithWrappers.md
create mode 100644 cpp/ql/src/change-notes/2025-07-16-FunctionWithWrappers.md
diff --git a/cpp/ql/lib/change-notes/2025-07-16-FunctionWithWrappers.md b/cpp/ql/lib/change-notes/2025-07-16-FunctionWithWrappers.md
new file mode 100644
index 000000000000..80b70a8c80fa
--- /dev/null
+++ b/cpp/ql/lib/change-notes/2025-07-16-FunctionWithWrappers.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The `FunctionWithWrappers` library (`semmle.code.cpp.security.FunctionWithWrappers`) no longer considers calls through function pointers as wrapper functions.
\ No newline at end of file
diff --git a/cpp/ql/src/change-notes/2025-07-16-FunctionWithWrappers.md b/cpp/ql/src/change-notes/2025-07-16-FunctionWithWrappers.md
new file mode 100644
index 000000000000..0c3db774fa41
--- /dev/null
+++ b/cpp/ql/src/change-notes/2025-07-16-FunctionWithWrappers.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Due to changes in the `FunctionWithWrappers` library (`semmle.code.cpp.security.FunctionWithWrappers`) the primary alert location generated by the queries `cpp/path-injection`, `cpp/sql-injection`, `cpp/tainted-format-string`, and `cpp/command-line-injection` may have changed.
\ No newline at end of file
From 8b953e4f22bdb8adfbce6bae64702eaef5328443 Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen
Date: Wed, 16 Jul 2025 14:28:04 +0100
Subject: [PATCH 3/3] C++: No need for 'resolveCall' anymore.
---
cpp/ql/lib/semmle/code/cpp/security/FunctionWithWrappers.qll | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/cpp/ql/lib/semmle/code/cpp/security/FunctionWithWrappers.qll b/cpp/ql/lib/semmle/code/cpp/security/FunctionWithWrappers.qll
index 6d16d58c1ed1..b66731678475 100644
--- a/cpp/ql/lib/semmle/code/cpp/security/FunctionWithWrappers.qll
+++ b/cpp/ql/lib/semmle/code/cpp/security/FunctionWithWrappers.qll
@@ -17,7 +17,6 @@
 
 import cpp
 import PrintfLike
-private import semmle.code.cpp.ir.dataflow.ResolveCall
 
 bindingset[index]
 private string toCause(Function func, int index) {
@@ -39,7 +38,7 @@ private predicate wrapperFunctionStep(
 source.hasDefinition() and
 exists(FunctionCall call, Expr arg, Parameter sourceParam |
 // there is a 'call' to 'target' with argument 'arg' at index 'targetParamIndex'
- target = resolveCall(call) and
+ target = call.getTarget() and
 arg = call.getArgument(targetParamIndex) and
 // 'call' is enclosed in 'source'
 source = call.getEnclosingFunction() and
@@ -155,7 +154,7 @@ abstract class FunctionWithWrappers extends Function {
 */
 predicate outermostWrapperFunctionCall(Expr arg, string callChain) {
 exists(Function targetFunc, FunctionCall call, int argIndex |
- targetFunc = resolveCall(call) and
+ targetFunc = call.getTarget() and
 this.wrapperFunction(targetFunc, argIndex, callChain) and
 (
 exists(Function sourceFunc | sourceFunc = call.getEnclosingFunction() |
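Review bot: `target = call.getTarget() and` in wrapperFunctionStep and `targetFunc = call.getTarget() and` in outermostWrapperFunctionCall now bind the call's static target, while the removed `resolveCall` came from `semmle.code.cpp.ir.dataflow.ResolveCall` and, judging by that module's name, may have resolved dispatch beyond the static target. In wrapperFunctionStep the `not target.isVirtual()` guard shown above the first patch's hunk makes the two forms equivalent, but no such guard is in view for outermostWrapperFunctionCall, so a call whose static target is a virtual function may now reach `this.wrapperFunction(targetFunc, argIndex, callChain)` with a different `targetFunc` than before; worth confirming against the existing query tests. A comment on the new line, e.g. `// static target only: virtual dispatch is not resolved here`, would make the intent explicit, and if virtual-call resolution did change, the change note added in this series mentions only function-pointer calls and should say so too. Both predicates start and end outside their hunks.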