github
diff --git a/‎.devcontainer/Dockerfile.codespaces
+7 b/‎.devcontainer/Dockerfile.codespaces
+7
diff --git a/‎.devcontainer/devcontainer.json
+4-1 b/‎.devcontainer/devcontainer.json
+4-1
diff --git a/‎.github/codeql/codeql-config.yml
+1 b/‎.github/codeql/codeql-config.yml
+1
diff --git a/‎.github/workflows/codegen.yml
+34 b/‎.github/workflows/codegen.yml
+34
diff --git a/‎.github/workflows/swift.yml
+27-50 b/‎.github/workflows/swift.yml
+27-50
diff --git a/‎actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql
+1-1 b/‎actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql
+1-1
diff --git a/‎actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql
+1-1 b/‎actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql
+1-1
diff --git a/‎actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql
+1-1 b/‎actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql
+1-1
diff --git a/‎actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql
+1-1 b/‎actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql
+1-1
diff --git a/‎actions/ql/src/change-notes/2025-03-13-environment-query-names.md
+6 b/‎actions/ql/src/change-notes/2025-03-13-environment-query-names.md
+6
diff --git a/‎cpp/ql/lib/ext/CA2CAEX.model.yml
+13-13 b/‎cpp/ql/lib/ext/CA2CAEX.model.yml
+13-13
diff --git a/‎cpp/ql/lib/ext/CAtlArray.model.yml
+10-10 b/‎cpp/ql/lib/ext/CAtlArray.model.yml
+10-10
diff --git a/‎cpp/ql/lib/ext/CAtlFile.model.yml
+4-4 b/‎cpp/ql/lib/ext/CAtlFile.model.yml
+4-4
diff --git a/‎cpp/ql/lib/ext/CAtlFileMappingBase.model.yml
+9-9 b/‎cpp/ql/lib/ext/CAtlFileMappingBase.model.yml
+9-9
diff --git a/‎cpp/ql/lib/ext/CAtlList.model.yml
+10-10 b/‎cpp/ql/lib/ext/CAtlList.model.yml
+10-10
diff --git a/‎cpp/ql/lib/ext/CAtlTemporaryFile.model.yml
+3-3 b/‎cpp/ql/lib/ext/CAtlTemporaryFile.model.yml
+3-3
@@ -0,0 +1,7 @@
+FROM mcr.microsoft.com/devcontainers/base:ubuntu-24.04
+
+USER root
+# Install needed packages according to https://codeql.github.com/docs/codeql-overview/system-requirements/
+# most come from the base image, but we need to install some additional ones
+RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y sudo man-db python3.12 npm unminimize
+RUN yes | unminimize
@@ -1,5 +1,4 @@
 {
-  "image": "mcr.microsoft.com/devcontainers/base:ubuntu-24.04",
   "extensions": [
     "rust-lang.rust-analyzer",
     "bungcip.better-toml",
@@ -8,6 +7,10 @@
     "ms-vscode.test-adapter-converter",
     "slevesque.vscode-zipexplorer"
   ],
+  "build": {
+    // Path is relative to the devcontainer.json file.
+    "dockerfile": "Dockerfile.codespaces"
+  },
   "settings": {
     "files.watcherExclude": {
       "**/target/**": true
 
@@ -4,6 +4,7 @@ queries:
   - uses: security-and-quality
 
 paths-ignore:
+  - '/actions/ql/test'
   - '/cpp/'
   - '/java/'
   - '/python/'
 
@@ -0,0 +1,34 @@
+name: Codegen
+
+on:
+  pull_request:
+    paths:
+      - "misc/bazel/**"
+      - "misc/codegen/**"
+      - "*.bazel*"
+      - .github/workflows/codegen.yml
+      - .pre-commit-config.yaml
+    branches:
+      - main
+      - rc/*
+      - codeql-cli-*
+
+permissions:
+  contents: read
+
+jobs:
+  codegen:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v4
+        with:
+          python-version-file: 'misc/codegen/.python-version'
+      - uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507
+        name: Check that python code is properly formatted
+        with:
+          extra_args: autopep8 --all-files
+      - name: Run codegen tests
+        shell: bash
+        run: |
+          bazel test //misc/codegen/...
@@ -18,45 +18,39 @@ on:
       - main
       - rc/*
       - codeql-cli-*
-  push:
-    paths:
-      - "swift/**"
-      - "misc/bazel/**"
-      - "misc/codegen/**"
-      - "shared/**"
-      - "*.bazel*"
-      - .github/workflows/swift.yml
-      - .github/actions/**
-      - codeql-workspace.yml
-      - .pre-commit-config.yaml
-      - "!**/*.md"
-      - "!**/*.qhelp"
-    branches:
-      - main
-      - rc/*
-      - codeql-cli-*
 
 permissions:
   contents: read
 
+defaults:
+  run:
+    shell: bash
+    working-directory: swift
+
 jobs:
-  # not using a matrix as you cannot depend on a specific job in a matrix, and we want to start linux checks
-  # without waiting for the macOS build
-  build-and-test-macos:
+  build-and-test:
     if: github.repository_owner == 'github'
-    runs-on: macos-13-xlarge
-    steps:
-      - uses: actions/checkout@v4
-      - uses: ./swift/actions/build-and-test
-  qltests-macos:
-    if: ${{ github.repository_owner == 'github' && github.event_name == 'pull_request' }}
-    needs: build-and-test-macos
-    runs-on: macos-13-xlarge
+    strategy:
+      matrix:
+        runner: [ubuntu-latest, macos-13-xlarge]
+      fail-fast: false
+    runs-on: ${{ matrix.runner }}
     steps:
       - uses: actions/checkout@v4
-      - uses: ./swift/actions/run-ql-tests
+      - name: Setup (Linux)
+        if: runner.os == 'Linux'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y uuid-dev zlib1g-dev
+      - name: Build Swift extractor
+        shell: bash
+        run: |
+          bazel run :install
+      - name: Run Swift tests
+        shell: bash
+        run: |
+          bazel test ... --test_tag_filters=-override --test_output=errors
   clang-format:
-    if : ${{ github.event_name == 'pull_request' }}
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -65,41 +59,24 @@ jobs:
         with:
           extra_args: clang-format --all-files
   codegen:
-    if : ${{ github.event_name == 'pull_request' }}
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: bazelbuild/setup-bazelisk@v2
-      - uses: actions/setup-python@v4
-        with:
-          python-version-file: 'swift/.python-version'
-      - uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507
-        name: Check that python code is properly formatted
-        with:
-          extra_args: autopep8 --all-files
       - uses: ./.github/actions/fetch-codeql
       - uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507
         name: Check that QL generated code was checked in
         with:
           extra_args: swift-codegen --all-files
       - name: Generate C++ files
         run: |
-          bazel run //swift/codegen:codegen -- --generate=trap,cpp --cpp-output=$PWD/generated-cpp-files
+          bazel run codegen -- --generate=trap,cpp --cpp-output=$PWD/generated-cpp-files
       - uses: actions/upload-artifact@v4
         with:
           name: swift-generated-cpp-files
           path: generated-cpp-files/**
-  database-upgrade-scripts:
-    if : ${{ github.event_name == 'pull_request' }}
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: ./.github/actions/fetch-codeql
-      - uses: ./swift/actions/database-upgrade-scripts
   check-no-override:
-    if : github.event_name == 'pull_request'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - shell: bash
-        run: bazel test //swift/... --test_tag_filters=override --test_output=errors
+      - name: Check that no override is present in load.bzl
+        run: bazel test ... --test_tag_filters=override --test_output=errors
@@ -1,5 +1,5 @@
 /**
- * @name PATH Enviroment Variable built from user-controlled sources
+ * @name PATH environment variable built from user-controlled sources
  * @description Building the PATH environment variable from user-controlled sources may alter the execution of following system commands
  * @kind path-problem
  * @problem.severity error
 
@@ -1,5 +1,5 @@
 /**
- * @name PATH Enviroment Variable built from user-controlled sources
+ * @name PATH environment variable built from user-controlled sources
  * @description Building the PATH environment variable from user-controlled sources may alter the execution of following system commands
  * @kind path-problem
  * @problem.severity error
 
@@ -1,5 +1,5 @@
 /**
- * @name Enviroment Variable built from user-controlled sources
+ * @name Environment variable built from user-controlled sources
  * @description Building an environment variable from user-controlled sources may alter the execution of following system commands
  * @kind path-problem
  * @problem.severity error
 
@@ -1,5 +1,5 @@
 /**
- * @name Enviroment Variable built from user-controlled sources
+ * @name Environment variable built from user-controlled sources
  * @description Building an environment variable from user-controlled sources may alter the execution of following system commands
  * @kind path-problem
  * @problem.severity error
 
@@ -0,0 +1,6 @@
+---
+category: fix
+---
+* Fixed typos in the query and alert titles for the queries
+  `actions/envpath-injection/critical`, `actions/envpath-injection/medium`,
+  `actions/envvar-injection/critical`, and `actions/envvar-injection/medium`.
@@ -3,16 +3,16 @@ extensions:
       pack: codeql/cpp-all
       extensible: summaryModel
     data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
-      - ["", "_U_STRINGorID", True, "_U_STRINGorID", "(UINT)", "", "Argument[0]", "Argument[-1].Field[*m_lpstr]", "value", "manual"]
-      - ["", "_U_STRINGorID", True, "_U_STRINGorID", "(LPCTSTR)", "", "Argument[*0]", "Argument[-1].Field[*m_lpstr]", "value", "manual"]
-      - ["", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"]
-      - ["", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"]
-      - ["", "CA2AEX", True, "operator LPSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"]
-      - ["", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"]
-      - ["", "CA2AEX", True, "operator LPSTR", "", "", "Argument[-1].Field[m_szBuffer]", "ReturnValue[*]", "value", "manual"]
-      - ["", "CA2CAEX", True, "CA2CAEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"]
-      - ["", "CA2CAEX", True, "operator LPCSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"]
-      - ["", "CA2WEX", True, "CA2WEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"]
-      - ["", "CA2WEX", True, "operator LPWSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"]
-      - ["", "CA2WEX", True, "CA2WEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"]
-      - ["", "CA2WEX", True, "operator LPWSTR", "", "", "Argument[-1].Field[m_szBuffer]", "ReturnValue[*]", "value", "manual"]
+      - ["ATL", "_U_STRINGorID", True, "_U_STRINGorID", "(UINT)", "", "Argument[0]", "Argument[-1].Field[*m_lpstr]", "value", "manual"]
+      - ["ATL", "_U_STRINGorID", True, "_U_STRINGorID", "(LPCTSTR)", "", "Argument[*0]", "Argument[-1].Field[*m_lpstr]", "value", "manual"]
+      - ["ATL", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"]
+      - ["ATL", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"]
+      - ["ATL", "CA2AEX", True, "operator LPSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"]
+      - ["ATL", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"]
+      - ["ATL", "CA2AEX", True, "operator LPSTR", "", "", "Argument[-1].Field[m_szBuffer]", "ReturnValue[*]", "value", "manual"]
+      - ["ATL", "CA2CAEX", True, "CA2CAEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"]
+      - ["ATL", "CA2CAEX", True, "operator LPCSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"]
+      - ["ATL", "CA2WEX", True, "CA2WEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"]
+      - ["ATL", "CA2WEX", True, "operator LPWSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"]
+      - ["ATL", "CA2WEX", True, "CA2WEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"]
+      - ["ATL", "CA2WEX", True, "operator LPWSTR", "", "", "Argument[-1].Field[m_szBuffer]", "ReturnValue[*]", "value", "manual"]
@@ -3,13 +3,13 @@ extensions:
       pack: codeql/cpp-all
       extensible: summaryModel
     data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
-      - ["", "CAtlArray", True, "Add", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["", "CAtlArray", True, "Append", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["", "CAtlArray", True, "Copy", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["", "CAtlArray", True, "GetAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["", "CAtlArray", True, "GetData", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["", "CAtlArray", True, "InsertArrayAt", "", "", "Argument[*1].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["", "CAtlArray", True, "InsertAt", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["", "CAtlArray", True, "SetAt", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["", "CAtlArray", True, "SetAtGrow", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["", "CAtlArray", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*]", "value", "manual"]
+      - ["ATL", "CAtlArray", True, "Add", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
+      - ["ATL", "CAtlArray", True, "Append", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
+      - ["ATL", "CAtlArray", True, "Copy", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
+      - ["ATL", "CAtlArray", True, "GetAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
+      - ["ATL", "CAtlArray", True, "GetData", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
+      - ["ATL", "CAtlArray", True, "InsertArrayAt", "", "", "Argument[*1].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
+      - ["ATL", "CAtlArray", True, "InsertAt", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"]
+      - ["ATL", "CAtlArray", True, "SetAt", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"]
+      - ["ATL", "CAtlArray", True, "SetAtGrow", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"]
+      - ["ATL", "CAtlArray", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*]", "value", "manual"]
@@ -3,7 +3,7 @@ extensions:
       pack: codeql/cpp-all
       extensible: summaryModel
     data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
-      - ["", "CAtlFile", True, "CAtlFile", "(CAtlFile &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
-      - ["", "CAtlFile", True, "CAtlFile", "(HANDLE)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
-      - ["", "CAtlFile", True, "Create", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
-      - ["", "CAtlFile", True, "Read", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"]
+      - ["ATL", "CAtlFile", True, "CAtlFile", "(CAtlFile &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
+      - ["ATL", "CAtlFile", True, "CAtlFile", "(HANDLE)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["ATL", "CAtlFile", True, "Create", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
+      - ["ATL", "CAtlFile", True, "Read", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"]
@@ -3,12 +3,12 @@ extensions:
       pack: codeql/cpp-all
       extensible: summaryModel
     data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
-      - ["", "CAtlFileMappingBase", True, "CAtlFileMappingBase", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
-      - ["", "CAtlFileMappingBase", True, "CopyFrom", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
-      - ["", "CAtlFileMappingBase", True, "GetData", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
-      - ["", "CAtlFileMappingBase", True, "GetHandle", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
-      - ["", "CAtlFileMappingBase", True, "MapFile", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
-      - ["", "CAtlFileMappingBase", True, "MapSharedMem", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"]
-      - ["", "CAtlFileMappingBase", True, "OpenMapping", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
-      - ["", "CAtlFileMappingBase", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
-      - ["", "CAtlFileMappingBase", True, "operator=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
+      - ["ATL", "CAtlFileMappingBase", True, "CAtlFileMappingBase", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
+      - ["ATL", "CAtlFileMappingBase", True, "CopyFrom", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
+      - ["ATL", "CAtlFileMappingBase", True, "GetData", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"]
+      - ["ATL", "CAtlFileMappingBase", True, "GetHandle", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["ATL", "CAtlFileMappingBase", True, "MapFile", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
+      - ["ATL", "CAtlFileMappingBase", True, "MapSharedMem", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"]
+      - ["ATL", "CAtlFileMappingBase", True, "OpenMapping", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
+      - ["ATL", "CAtlFileMappingBase", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
+      - ["ATL", "CAtlFileMappingBase", True, "operator=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"]
@@ -3,13 +3,13 @@ extensions:
       pack: codeql/cpp-all
       extensible: summaryModel
     data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
-      - ["", "CAtlList", True, "AddHead", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["", "CAtlList", True, "AddHeadList", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["", "CAtlList", True, "AddTail", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["", "CAtlList", True, "AddTailList", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["", "CAtlList", True, "GetAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["", "CAtlList", True, "GetHead", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["", "CAtlList", True, "GetTail", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
-      - ["", "CAtlList", True, "InsertAfter", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["", "CAtlList", True, "InsertBefore", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
-      - ["", "CAtlList", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
+      - ["ATL", "CAtlList", True, "AddHead", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
+      - ["ATL", "CAtlList", True, "AddHeadList", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
+      - ["ATL", "CAtlList", True, "AddTail", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"]
+      - ["ATL", "CAtlList", True, "AddTailList", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"]
+      - ["ATL", "CAtlList", True, "GetAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
+      - ["ATL", "CAtlList", True, "GetHead", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
+      - ["ATL", "CAtlList", True, "GetTail", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"]
+      - ["ATL", "CAtlList", True, "InsertAfter", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
+      - ["ATL", "CAtlList", True, "InsertBefore", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
+      - ["ATL", "CAtlList", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"]
@@ -3,6 +3,6 @@ extensions:
       pack: codeql/cpp-all
       extensible: summaryModel
     data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance
-      - ["", "CAtlTemporaryFile", True, "Create", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
-      - ["", "CAtlTemporaryFile", True, "Read", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"]
-      - ["", "CAtlTemporaryFile", True, "Write", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
+      - ["ATL", "CAtlTemporaryFile", True, "Create", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]
+      - ["ATL", "CAtlTemporaryFile", True, "Read", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"]
+      - ["ATL", "CAtlTemporaryFile", True, "Write", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"]