From 4c9aee2cc7bc889cec3cba996bc05d214142f9c4 Mon Sep 17 00:00:00 2001
From: Tamas Vajk <tamasvajk@github.com>
Date: Wed, 23 Apr 2025 13:28:20 +0200
Subject: [PATCH 1/5] Add query suite tests for swift with shared logic

---
 .../java/query-suite/test.py                  | 30 +++++++----------
 misc/pytest/lib/query-suite-test.py           | 23 +++++++++++++
 .../query-suite/not_included_in_qls.expected  |  9 ++++++
 .../swift-code-quality.qls.expected           |  1 +
 .../swift-code-scanning.qls.expected          | 31 ++++++++++++++++++
 .../swift-security-and-quality.qls.expected   | 32 +++++++++++++++++++
 .../swift-security-extended.qls.expected      | 32 +++++++++++++++++++
 .../posix/query-suite/test.py                 | 23 +++++++++++++
 8 files changed, 163 insertions(+), 18 deletions(-)
 create mode 100644 misc/pytest/lib/query-suite-test.py
 create mode 100644 swift/ql/integration-tests/posix/query-suite/not_included_in_qls.expected
 create mode 100644 swift/ql/integration-tests/posix/query-suite/swift-code-quality.qls.expected
 create mode 100644 swift/ql/integration-tests/posix/query-suite/swift-code-scanning.qls.expected
 create mode 100644 swift/ql/integration-tests/posix/query-suite/swift-security-and-quality.qls.expected
 create mode 100644 swift/ql/integration-tests/posix/query-suite/swift-security-extended.qls.expected
 create mode 100644 swift/ql/integration-tests/posix/query-suite/test.py

diff --git a/java/ql/integration-tests/java/query-suite/test.py b/java/ql/integration-tests/java/query-suite/test.py
index 83551ecfc19c..b87e48b7f15a 100644
--- a/java/ql/integration-tests/java/query-suite/test.py
+++ b/java/ql/integration-tests/java/query-suite/test.py
@@ -1,29 +1,23 @@
-import os
 import runs_on
 import pytest
+import sys
+
+def get_test_module(semmle_code_dir):
+    import importlib.util
+    spec = importlib.util.spec_from_file_location('test-module', semmle_code_dir / 'ql' / 'misc' / 'pytest' / 'lib' / 'query-suite-test.py')
+    mod = importlib.util.module_from_spec(spec)
+    sys.modules["test-module"] = mod
+    spec.loader.exec_module(mod)
+    return mod
 
 well_known_query_suites = ['java-code-quality.qls', 'java-security-and-quality.qls', 'java-security-extended.qls', 'java-code-scanning.qls']
 
 @runs_on.posix
 @pytest.mark.parametrize("query_suite", well_known_query_suites)
 def test(codeql, java, cwd, expected_files, semmle_code_dir, query_suite):
-    actual = codeql.resolve.queries(query_suite, _capture=True).strip()
-    actual = sorted(actual.splitlines())
-    actual = [os.path.relpath(q, semmle_code_dir) for q in actual]
-    actual_file_name = query_suite + '.actual'
-    expected_files.add(actual_file_name)
-    (cwd / actual_file_name).write_text('\n'.join(actual)+'\n')
+    get_test_module(semmle_code_dir).test(codeql, cwd, expected_files, semmle_code_dir, query_suite)
+
 
 @runs_on.posix
 def test_not_included_queries(codeql, java, cwd, expected_files, semmle_code_dir):
-    all_queries = codeql.resolve.queries(semmle_code_dir / 'ql' / 'java' / 'ql' / 'src', _capture=True).strip().splitlines()
-
-    included_in_qls = set()
-    for query_suite in well_known_query_suites:
-        included_in_qls |= set(codeql.resolve.queries(query_suite, _capture=True).strip().splitlines())
-
-    not_included = sorted(set(all_queries) - included_in_qls)
-    not_included = [os.path.relpath(q, semmle_code_dir) for q in not_included]
-    not_included_file_name = 'not_included_in_qls.actual'
-    expected_files.add(not_included_file_name)
-    (cwd / not_included_file_name).write_text('\n'.join(not_included)+'\n')
+    get_test_module(semmle_code_dir).test_not_included_queries(codeql, 'java', cwd, expected_files, semmle_code_dir, well_known_query_suites)
diff --git a/misc/pytest/lib/query-suite-test.py b/misc/pytest/lib/query-suite-test.py
new file mode 100644
index 000000000000..f25397f459d8
--- /dev/null
+++ b/misc/pytest/lib/query-suite-test.py
@@ -0,0 +1,23 @@
+
+import os
+
+def test(codeql, cwd, expected_files, semmle_code_dir, query_suite):
+    actual = codeql.resolve.queries(query_suite, _capture=True).strip()
+    actual = sorted(actual.splitlines())
+    actual = [os.path.relpath(q, semmle_code_dir) for q in actual]
+    actual_file_name = query_suite + '.actual'
+    expected_files.add(actual_file_name)
+    (cwd / actual_file_name).write_text('\n'.join(actual)+'\n')
+
+def test_not_included_queries(codeql, lang_folder_name, cwd, expected_files, semmle_code_dir, query_suites):
+    all_queries = codeql.resolve.queries(semmle_code_dir / 'ql' / lang_folder_name / 'ql' / 'src', _capture=True).strip().splitlines()
+
+    included_in_qls = set()
+    for query_suite in query_suites:
+        included_in_qls |= set(codeql.resolve.queries(query_suite, _capture=True).strip().splitlines())
+
+    not_included = sorted(set(all_queries) - included_in_qls)
+    not_included = [os.path.relpath(q, semmle_code_dir) for q in not_included]
+    not_included_file_name = 'not_included_in_qls.actual'
+    expected_files.add(not_included_file_name)
+    (cwd / not_included_file_name).write_text('\n'.join(not_included)+'\n')
diff --git a/swift/ql/integration-tests/posix/query-suite/not_included_in_qls.expected b/swift/ql/integration-tests/posix/query-suite/not_included_in_qls.expected
new file mode 100644
index 000000000000..64c776d96d1d
--- /dev/null
+++ b/swift/ql/integration-tests/posix/query-suite/not_included_in_qls.expected
@@ -0,0 +1,9 @@
+ql/swift/ql/src/AlertSuppression.ql
+ql/swift/ql/src/experimental/Security/CWE-022/UnsafeUnpack.ql
+ql/swift/ql/src/queries/Summary/FlowSources.ql
+ql/swift/ql/src/queries/Summary/QuerySinks.ql
+ql/swift/ql/src/queries/Summary/RegexEvals.ql
+ql/swift/ql/src/queries/Summary/SensitiveExprs.ql
+ql/swift/ql/src/queries/Summary/SummaryStats.ql
+ql/swift/ql/src/queries/Summary/TaintReach.ql
+ql/swift/ql/src/queries/ide-contextual-queries/printAst.ql
diff --git a/swift/ql/integration-tests/posix/query-suite/swift-code-quality.qls.expected b/swift/ql/integration-tests/posix/query-suite/swift-code-quality.qls.expected
new file mode 100644
index 000000000000..8b137891791f
--- /dev/null
+++ b/swift/ql/integration-tests/posix/query-suite/swift-code-quality.qls.expected
@@ -0,0 +1 @@
+
diff --git a/swift/ql/integration-tests/posix/query-suite/swift-code-scanning.qls.expected b/swift/ql/integration-tests/posix/query-suite/swift-code-scanning.qls.expected
new file mode 100644
index 000000000000..bee12dbfb8fa
--- /dev/null
+++ b/swift/ql/integration-tests/posix/query-suite/swift-code-scanning.qls.expected
@@ -0,0 +1,31 @@
+ql/swift/ql/src/diagnostics/ExtractedFiles.ql
+ql/swift/ql/src/diagnostics/SuccessfullyExtractedLines.ql
+ql/swift/ql/src/diagnostics/internal/AstNodes.ql
+ql/swift/ql/src/diagnostics/internal/ExtractionErrors.ql
+ql/swift/ql/src/diagnostics/internal/UnresolvedAstNodes.ql
+ql/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.ql
+ql/swift/ql/src/queries/Security/CWE-020/MissingRegexAnchor.ql
+ql/swift/ql/src/queries/Security/CWE-022/PathInjection.ql
+ql/swift/ql/src/queries/Security/CWE-078/CommandInjection.ql
+ql/swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql
+ql/swift/ql/src/queries/Security/CWE-089/SqlInjection.ql
+ql/swift/ql/src/queries/Security/CWE-116/BadTagFilter.ql
+ql/swift/ql/src/queries/Security/CWE-1204/StaticInitializationVector.ql
+ql/swift/ql/src/queries/Security/CWE-1333/ReDoS.ql
+ql/swift/ql/src/queries/Security/CWE-134/UncontrolledFormatString.ql
+ql/swift/ql/src/queries/Security/CWE-135/StringLengthConflation.ql
+ql/swift/ql/src/queries/Security/CWE-259/ConstantPassword.ql
+ql/swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.ql
+ql/swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql
+ql/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql
+ql/swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.ql
+ql/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.ql
+ql/swift/ql/src/queries/Security/CWE-327/ECBEncryption.ql
+ql/swift/ql/src/queries/Security/CWE-328/WeakPasswordHashing.ql
+ql/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashing.ql
+ql/swift/ql/src/queries/Security/CWE-611/XXE.ql
+ql/swift/ql/src/queries/Security/CWE-730/RegexInjection.ql
+ql/swift/ql/src/queries/Security/CWE-757/InsecureTLS.ql
+ql/swift/ql/src/queries/Security/CWE-760/ConstantSalt.ql
+ql/swift/ql/src/queries/Security/CWE-916/InsufficientHashIterations.ql
+ql/swift/ql/src/queries/Security/CWE-943/PredicateInjection.ql
diff --git a/swift/ql/integration-tests/posix/query-suite/swift-security-and-quality.qls.expected b/swift/ql/integration-tests/posix/query-suite/swift-security-and-quality.qls.expected
new file mode 100644
index 000000000000..412d0816affc
--- /dev/null
+++ b/swift/ql/integration-tests/posix/query-suite/swift-security-and-quality.qls.expected
@@ -0,0 +1,32 @@
+ql/swift/ql/src/diagnostics/ExtractedFiles.ql
+ql/swift/ql/src/diagnostics/SuccessfullyExtractedLines.ql
+ql/swift/ql/src/diagnostics/internal/AstNodes.ql
+ql/swift/ql/src/diagnostics/internal/ExtractionErrors.ql
+ql/swift/ql/src/diagnostics/internal/UnresolvedAstNodes.ql
+ql/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.ql
+ql/swift/ql/src/queries/Security/CWE-020/MissingRegexAnchor.ql
+ql/swift/ql/src/queries/Security/CWE-022/PathInjection.ql
+ql/swift/ql/src/queries/Security/CWE-078/CommandInjection.ql
+ql/swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql
+ql/swift/ql/src/queries/Security/CWE-089/SqlInjection.ql
+ql/swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.ql
+ql/swift/ql/src/queries/Security/CWE-116/BadTagFilter.ql
+ql/swift/ql/src/queries/Security/CWE-1204/StaticInitializationVector.ql
+ql/swift/ql/src/queries/Security/CWE-1333/ReDoS.ql
+ql/swift/ql/src/queries/Security/CWE-134/UncontrolledFormatString.ql
+ql/swift/ql/src/queries/Security/CWE-135/StringLengthConflation.ql
+ql/swift/ql/src/queries/Security/CWE-259/ConstantPassword.ql
+ql/swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.ql
+ql/swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql
+ql/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql
+ql/swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.ql
+ql/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.ql
+ql/swift/ql/src/queries/Security/CWE-327/ECBEncryption.ql
+ql/swift/ql/src/queries/Security/CWE-328/WeakPasswordHashing.ql
+ql/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashing.ql
+ql/swift/ql/src/queries/Security/CWE-611/XXE.ql
+ql/swift/ql/src/queries/Security/CWE-730/RegexInjection.ql
+ql/swift/ql/src/queries/Security/CWE-757/InsecureTLS.ql
+ql/swift/ql/src/queries/Security/CWE-760/ConstantSalt.ql
+ql/swift/ql/src/queries/Security/CWE-916/InsufficientHashIterations.ql
+ql/swift/ql/src/queries/Security/CWE-943/PredicateInjection.ql
diff --git a/swift/ql/integration-tests/posix/query-suite/swift-security-extended.qls.expected b/swift/ql/integration-tests/posix/query-suite/swift-security-extended.qls.expected
new file mode 100644
index 000000000000..412d0816affc
--- /dev/null
+++ b/swift/ql/integration-tests/posix/query-suite/swift-security-extended.qls.expected
@@ -0,0 +1,32 @@
+ql/swift/ql/src/diagnostics/ExtractedFiles.ql
+ql/swift/ql/src/diagnostics/SuccessfullyExtractedLines.ql
+ql/swift/ql/src/diagnostics/internal/AstNodes.ql
+ql/swift/ql/src/diagnostics/internal/ExtractionErrors.ql
+ql/swift/ql/src/diagnostics/internal/UnresolvedAstNodes.ql
+ql/swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.ql
+ql/swift/ql/src/queries/Security/CWE-020/MissingRegexAnchor.ql
+ql/swift/ql/src/queries/Security/CWE-022/PathInjection.ql
+ql/swift/ql/src/queries/Security/CWE-078/CommandInjection.ql
+ql/swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql
+ql/swift/ql/src/queries/Security/CWE-089/SqlInjection.ql
+ql/swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.ql
+ql/swift/ql/src/queries/Security/CWE-116/BadTagFilter.ql
+ql/swift/ql/src/queries/Security/CWE-1204/StaticInitializationVector.ql
+ql/swift/ql/src/queries/Security/CWE-1333/ReDoS.ql
+ql/swift/ql/src/queries/Security/CWE-134/UncontrolledFormatString.ql
+ql/swift/ql/src/queries/Security/CWE-135/StringLengthConflation.ql
+ql/swift/ql/src/queries/Security/CWE-259/ConstantPassword.ql
+ql/swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.ql
+ql/swift/ql/src/queries/Security/CWE-311/CleartextTransmission.ql
+ql/swift/ql/src/queries/Security/CWE-312/CleartextLogging.ql
+ql/swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.ql
+ql/swift/ql/src/queries/Security/CWE-321/HardcodedEncryptionKey.ql
+ql/swift/ql/src/queries/Security/CWE-327/ECBEncryption.ql
+ql/swift/ql/src/queries/Security/CWE-328/WeakPasswordHashing.ql
+ql/swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashing.ql
+ql/swift/ql/src/queries/Security/CWE-611/XXE.ql
+ql/swift/ql/src/queries/Security/CWE-730/RegexInjection.ql
+ql/swift/ql/src/queries/Security/CWE-757/InsecureTLS.ql
+ql/swift/ql/src/queries/Security/CWE-760/ConstantSalt.ql
+ql/swift/ql/src/queries/Security/CWE-916/InsufficientHashIterations.ql
+ql/swift/ql/src/queries/Security/CWE-943/PredicateInjection.ql
diff --git a/swift/ql/integration-tests/posix/query-suite/test.py b/swift/ql/integration-tests/posix/query-suite/test.py
new file mode 100644
index 000000000000..5394cb8f2ccf
--- /dev/null
+++ b/swift/ql/integration-tests/posix/query-suite/test.py
@@ -0,0 +1,23 @@
+import runs_on
+import pytest
+import sys
+
+def get_test_module(semmle_code_dir):
+    import importlib.util
+    spec = importlib.util.spec_from_file_location('test-module', semmle_code_dir / 'ql' / 'misc' / 'pytest' / 'lib' / 'query-suite-test.py')
+    mod = importlib.util.module_from_spec(spec)
+    sys.modules["test-module"] = mod
+    spec.loader.exec_module(mod)
+    return mod
+
+
+well_known_query_suites = ['swift-code-quality.qls', 'swift-security-and-quality.qls', 'swift-security-extended.qls', 'swift-code-scanning.qls']
+
+@runs_on.posix
+@pytest.mark.parametrize("query_suite", well_known_query_suites)
+def test(codeql, swift, cwd, expected_files, semmle_code_dir, query_suite):
+    get_test_module(semmle_code_dir).test(codeql, cwd, expected_files, semmle_code_dir, query_suite)
+
+@runs_on.posix
+def test_not_included_queries(codeql, swift, cwd, expected_files, semmle_code_dir):
+    get_test_module(semmle_code_dir).test_not_included_queries(codeql, 'swift', cwd, expected_files, semmle_code_dir, well_known_query_suites)

From 522dd51416ec33b5be635a864d1c84e287c6fed3 Mon Sep 17 00:00:00 2001
From: Tamas Vajk <tamasvajk@github.com>
Date: Thu, 24 Apr 2025 08:35:48 +0200
Subject: [PATCH 2/5] Improve query suite test based on feedback

---
 .../java/query-suite/test.py                  | 19 ++++--------
 misc/pytest/lib/query-suite-test.py           | 23 --------------
 misc/pytest/lib/query_suites.py               | 30 +++++++++++++++++++
 .../posix/query-suite/test.py                 | 19 ++++--------
 4 files changed, 40 insertions(+), 51 deletions(-)
 delete mode 100644 misc/pytest/lib/query-suite-test.py
 create mode 100644 misc/pytest/lib/query_suites.py

diff --git a/java/ql/integration-tests/java/query-suite/test.py b/java/ql/integration-tests/java/query-suite/test.py
index b87e48b7f15a..307a66c14316 100644
--- a/java/ql/integration-tests/java/query-suite/test.py
+++ b/java/ql/integration-tests/java/query-suite/test.py
@@ -1,23 +1,14 @@
 import runs_on
 import pytest
-import sys
-
-def get_test_module(semmle_code_dir):
-    import importlib.util
-    spec = importlib.util.spec_from_file_location('test-module', semmle_code_dir / 'ql' / 'misc' / 'pytest' / 'lib' / 'query-suite-test.py')
-    mod = importlib.util.module_from_spec(spec)
-    sys.modules["test-module"] = mod
-    spec.loader.exec_module(mod)
-    return mod
+from query_suites import *
 
 well_known_query_suites = ['java-code-quality.qls', 'java-security-and-quality.qls', 'java-security-extended.qls', 'java-code-scanning.qls']
 
 @runs_on.posix
 @pytest.mark.parametrize("query_suite", well_known_query_suites)
-def test(codeql, java, cwd, expected_files, semmle_code_dir, query_suite):
-    get_test_module(semmle_code_dir).test(codeql, cwd, expected_files, semmle_code_dir, query_suite)
-
+def test(codeql, java, check_query_suite, query_suite):
+    check_query_suite(query_suite)
 
 @runs_on.posix
-def test_not_included_queries(codeql, java, cwd, expected_files, semmle_code_dir):
-    get_test_module(semmle_code_dir).test_not_included_queries(codeql, 'java', cwd, expected_files, semmle_code_dir, well_known_query_suites)
+def test_not_included_queries(codeql, java, check_queries_not_included):
+    check_queries_not_included('java', well_known_query_suites)
diff --git a/misc/pytest/lib/query-suite-test.py b/misc/pytest/lib/query-suite-test.py
deleted file mode 100644
index f25397f459d8..000000000000
--- a/misc/pytest/lib/query-suite-test.py
+++ /dev/null
@@ -1,23 +0,0 @@
-
-import os
-
-def test(codeql, cwd, expected_files, semmle_code_dir, query_suite):
-    actual = codeql.resolve.queries(query_suite, _capture=True).strip()
-    actual = sorted(actual.splitlines())
-    actual = [os.path.relpath(q, semmle_code_dir) for q in actual]
-    actual_file_name = query_suite + '.actual'
-    expected_files.add(actual_file_name)
-    (cwd / actual_file_name).write_text('\n'.join(actual)+'\n')
-
-def test_not_included_queries(codeql, lang_folder_name, cwd, expected_files, semmle_code_dir, query_suites):
-    all_queries = codeql.resolve.queries(semmle_code_dir / 'ql' / lang_folder_name / 'ql' / 'src', _capture=True).strip().splitlines()
-
-    included_in_qls = set()
-    for query_suite in query_suites:
-        included_in_qls |= set(codeql.resolve.queries(query_suite, _capture=True).strip().splitlines())
-
-    not_included = sorted(set(all_queries) - included_in_qls)
-    not_included = [os.path.relpath(q, semmle_code_dir) for q in not_included]
-    not_included_file_name = 'not_included_in_qls.actual'
-    expected_files.add(not_included_file_name)
-    (cwd / not_included_file_name).write_text('\n'.join(not_included)+'\n')
diff --git a/misc/pytest/lib/query_suites.py b/misc/pytest/lib/query_suites.py
new file mode 100644
index 000000000000..b0b8aea8cf8c
--- /dev/null
+++ b/misc/pytest/lib/query_suites.py
@@ -0,0 +1,30 @@
+
+import os
+import pytest
+
+@pytest.fixture
+def check_query_suite(codeql, cwd, expected_files, semmle_code_dir):
+    def ret(query_suite):
+        actual = codeql.resolve.queries(query_suite, _capture=True).strip()
+        actual = sorted(actual.splitlines())
+        actual = [os.path.relpath(q, semmle_code_dir) for q in actual]
+        actual_file_name = query_suite + '.actual'
+        expected_files.add(actual_file_name)
+        (cwd / actual_file_name).write_text('\n'.join(actual)+'\n')
+    return ret
+
+@pytest.fixture
+def check_queries_not_included(codeql, cwd, expected_files, semmle_code_dir):
+    def ret(lang_folder_name, query_suites):
+        all_queries = codeql.resolve.queries(semmle_code_dir / 'ql' / lang_folder_name / 'ql' / 'src', _capture=True).strip().splitlines()
+
+        included_in_qls = set()
+        for query_suite in query_suites:
+            included_in_qls |= set(codeql.resolve.queries(query_suite, _capture=True).strip().splitlines())
+
+        not_included = sorted(set(all_queries) - included_in_qls)
+        not_included = [os.path.relpath(q, semmle_code_dir) for q in not_included]
+        not_included_file_name = 'not_included_in_qls.actual'
+        expected_files.add(not_included_file_name)
+        (cwd / not_included_file_name).write_text('\n'.join(not_included)+'\n')
+    return ret
diff --git a/swift/ql/integration-tests/posix/query-suite/test.py b/swift/ql/integration-tests/posix/query-suite/test.py
index 5394cb8f2ccf..43babae01259 100644
--- a/swift/ql/integration-tests/posix/query-suite/test.py
+++ b/swift/ql/integration-tests/posix/query-suite/test.py
@@ -1,23 +1,14 @@
 import runs_on
 import pytest
-import sys
-
-def get_test_module(semmle_code_dir):
-    import importlib.util
-    spec = importlib.util.spec_from_file_location('test-module', semmle_code_dir / 'ql' / 'misc' / 'pytest' / 'lib' / 'query-suite-test.py')
-    mod = importlib.util.module_from_spec(spec)
-    sys.modules["test-module"] = mod
-    spec.loader.exec_module(mod)
-    return mod
-
+from query_suites import *
 
 well_known_query_suites = ['swift-code-quality.qls', 'swift-security-and-quality.qls', 'swift-security-extended.qls', 'swift-code-scanning.qls']
 
 @runs_on.posix
 @pytest.mark.parametrize("query_suite", well_known_query_suites)
-def test(codeql, swift, cwd, expected_files, semmle_code_dir, query_suite):
-    get_test_module(semmle_code_dir).test(codeql, cwd, expected_files, semmle_code_dir, query_suite)
+def test(codeql, swift, check_query_suite, query_suite):
+    check_query_suite(query_suite)
 
 @runs_on.posix
-def test_not_included_queries(codeql, swift, cwd, expected_files, semmle_code_dir):
-    get_test_module(semmle_code_dir).test_not_included_queries(codeql, 'swift', cwd, expected_files, semmle_code_dir, well_known_query_suites)
+def test_not_included_queries(codeql, swift, check_queries_not_included):
+    check_queries_not_included('swift', well_known_query_suites)

From a4a24470c864553f7599060b90fb30bc0a2c40c8 Mon Sep 17 00:00:00 2001
From: Tamas Vajk <tamasvajk@github.com>
Date: Thu, 24 Apr 2025 09:06:18 +0200
Subject: [PATCH 3/5] Add query suite inclusion tests for actions, csharp, go,
 javascript, ruby, rust

---
 .../actions-code-quality.qls.expected         |   1 +
 .../actions-code-scanning.qls.expected        |  17 ++
 .../actions-security-and-quality.qls.expected |  33 +++
 .../actions-security-extended.qls.expected    |  23 ++
 .../query-suite/not_included_in_qls.expected  |  11 +
 .../ql/integration-tests/query-suite/test.py  |  14 ++
 .../csharp-code-quality.qls.expected          |  12 +
 .../csharp-code-scanning.qls.expected         |  57 +++++
 .../csharp-security-and-quality.qls.expected  | 173 +++++++++++++++
 .../csharp-security-extended.qls.expected     |  71 ++++++
 .../query-suite/not_included_in_qls.expected  | 128 +++++++++++
 .../posix/query-suite/test.py                 |  14 ++
 .../query-suite/go-code-quality.qls.expected  |   6 +
 .../query-suite/go-code-scanning.qls.expected |  31 +++
 .../go-security-and-quality.qls.expected      |  55 +++++
 .../go-security-extended.qls.expected         |  33 +++
 .../query-suite/not_included_in_qls.expected  |  33 +++
 go/ql/integration-tests/query-suite/test.py   |  14 ++
 .../javascript-code-quality.qls.expected      |   5 +
 .../javascript-code-scanning.qls.expected     |  90 ++++++++
 ...vascript-security-and-quality.qls.expected | 205 ++++++++++++++++++
 .../javascript-security-extended.qls.expected | 107 +++++++++
 .../query-suite/not_included_in_qls.expected  | 148 +++++++++++++
 .../ql/integration-tests/query-suite/test.py  |  14 ++
 .../query-suite/not_included_in_qls.expected  |  36 +++
 .../ruby-code-quality.qls.expected            |   3 +
 .../ruby-code-scanning.qls.expected           |  44 ++++
 .../ruby-security-and-quality.qls.expected    |  54 +++++
 .../ruby-security-extended.qls.expected       |  51 +++++
 ruby/ql/integration-tests/query-suite/test.py |  14 ++
 .../query-suite/not_included_in_qls.expected  |  16 ++
 .../rust-code-quality.qls.expected            |   1 +
 .../rust-code-scanning.qls.expected           |  26 +++
 .../rust-security-and-quality.qls.expected    |  29 +++
 .../rust-security-extended.qls.expected       |  27 +++
 rust/ql/integration-tests/query-suite/test.py |  14 ++
 36 files changed, 1610 insertions(+)
 create mode 100644 actions/ql/integration-tests/query-suite/actions-code-quality.qls.expected
 create mode 100644 actions/ql/integration-tests/query-suite/actions-code-scanning.qls.expected
 create mode 100644 actions/ql/integration-tests/query-suite/actions-security-and-quality.qls.expected
 create mode 100644 actions/ql/integration-tests/query-suite/actions-security-extended.qls.expected
 create mode 100644 actions/ql/integration-tests/query-suite/not_included_in_qls.expected
 create mode 100644 actions/ql/integration-tests/query-suite/test.py
 create mode 100644 csharp/ql/integration-tests/posix/query-suite/csharp-code-quality.qls.expected
 create mode 100644 csharp/ql/integration-tests/posix/query-suite/csharp-code-scanning.qls.expected
 create mode 100644 csharp/ql/integration-tests/posix/query-suite/csharp-security-and-quality.qls.expected
 create mode 100644 csharp/ql/integration-tests/posix/query-suite/csharp-security-extended.qls.expected
 create mode 100644 csharp/ql/integration-tests/posix/query-suite/not_included_in_qls.expected
 create mode 100644 csharp/ql/integration-tests/posix/query-suite/test.py
 create mode 100644 go/ql/integration-tests/query-suite/go-code-quality.qls.expected
 create mode 100644 go/ql/integration-tests/query-suite/go-code-scanning.qls.expected
 create mode 100644 go/ql/integration-tests/query-suite/go-security-and-quality.qls.expected
 create mode 100644 go/ql/integration-tests/query-suite/go-security-extended.qls.expected
 create mode 100644 go/ql/integration-tests/query-suite/not_included_in_qls.expected
 create mode 100644 go/ql/integration-tests/query-suite/test.py
 create mode 100644 javascript/ql/integration-tests/query-suite/javascript-code-quality.qls.expected
 create mode 100644 javascript/ql/integration-tests/query-suite/javascript-code-scanning.qls.expected
 create mode 100644 javascript/ql/integration-tests/query-suite/javascript-security-and-quality.qls.expected
 create mode 100644 javascript/ql/integration-tests/query-suite/javascript-security-extended.qls.expected
 create mode 100644 javascript/ql/integration-tests/query-suite/not_included_in_qls.expected
 create mode 100644 javascript/ql/integration-tests/query-suite/test.py
 create mode 100644 ruby/ql/integration-tests/query-suite/not_included_in_qls.expected
 create mode 100644 ruby/ql/integration-tests/query-suite/ruby-code-quality.qls.expected
 create mode 100644 ruby/ql/integration-tests/query-suite/ruby-code-scanning.qls.expected
 create mode 100644 ruby/ql/integration-tests/query-suite/ruby-security-and-quality.qls.expected
 create mode 100644 ruby/ql/integration-tests/query-suite/ruby-security-extended.qls.expected
 create mode 100644 ruby/ql/integration-tests/query-suite/test.py
 create mode 100644 rust/ql/integration-tests/query-suite/not_included_in_qls.expected
 create mode 100644 rust/ql/integration-tests/query-suite/rust-code-quality.qls.expected
 create mode 100644 rust/ql/integration-tests/query-suite/rust-code-scanning.qls.expected
 create mode 100644 rust/ql/integration-tests/query-suite/rust-security-and-quality.qls.expected
 create mode 100644 rust/ql/integration-tests/query-suite/rust-security-extended.qls.expected
 create mode 100644 rust/ql/integration-tests/query-suite/test.py

diff --git a/actions/ql/integration-tests/query-suite/actions-code-quality.qls.expected b/actions/ql/integration-tests/query-suite/actions-code-quality.qls.expected
new file mode 100644
index 000000000000..8b137891791f
--- /dev/null
+++ b/actions/ql/integration-tests/query-suite/actions-code-quality.qls.expected
@@ -0,0 +1 @@
+
diff --git a/actions/ql/integration-tests/query-suite/actions-code-scanning.qls.expected b/actions/ql/integration-tests/query-suite/actions-code-scanning.qls.expected
new file mode 100644
index 000000000000..4a12174ffbda
--- /dev/null
+++ b/actions/ql/integration-tests/query-suite/actions-code-scanning.qls.expected
@@ -0,0 +1,17 @@
+ql/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql
+ql/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql
+ql/actions/ql/src/Security/CWE-094/CodeInjectionCritical.ql
+ql/actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.ql
+ql/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql
+ql/actions/ql/src/Security/CWE-285/ImproperAccessControl.ql
+ql/actions/ql/src/Security/CWE-312/ExcessiveSecretsExposure.ql
+ql/actions/ql/src/Security/CWE-312/SecretsInArtifacts.ql
+ql/actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.ql
+ql/actions/ql/src/Security/CWE-349/CachePoisoningViaCodeInjection.ql
+ql/actions/ql/src/Security/CWE-349/CachePoisoningViaDirectCache.ql
+ql/actions/ql/src/Security/CWE-349/CachePoisoningViaPoisonableStep.ql
+ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUCritical.ql
+ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUHigh.ql
+ql/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql
+ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql
+ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.ql
diff --git a/actions/ql/integration-tests/query-suite/actions-security-and-quality.qls.expected b/actions/ql/integration-tests/query-suite/actions-security-and-quality.qls.expected
new file mode 100644
index 000000000000..cadb6202fde6
--- /dev/null
+++ b/actions/ql/integration-tests/query-suite/actions-security-and-quality.qls.expected
@@ -0,0 +1,33 @@
+ql/actions/ql/src/Debug/SyntaxError.ql
+ql/actions/ql/src/Models/CompositeActionsSinks.ql
+ql/actions/ql/src/Models/CompositeActionsSources.ql
+ql/actions/ql/src/Models/CompositeActionsSummaries.ql
+ql/actions/ql/src/Models/ReusableWorkflowsSinks.ql
+ql/actions/ql/src/Models/ReusableWorkflowsSources.ql
+ql/actions/ql/src/Models/ReusableWorkflowsSummaries.ql
+ql/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql
+ql/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql
+ql/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql
+ql/actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql
+ql/actions/ql/src/Security/CWE-094/CodeInjectionCritical.ql
+ql/actions/ql/src/Security/CWE-094/CodeInjectionMedium.ql
+ql/actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.ql
+ql/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql
+ql/actions/ql/src/Security/CWE-285/ImproperAccessControl.ql
+ql/actions/ql/src/Security/CWE-312/ExcessiveSecretsExposure.ql
+ql/actions/ql/src/Security/CWE-312/SecretsInArtifacts.ql
+ql/actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.ql
+ql/actions/ql/src/Security/CWE-349/CachePoisoningViaCodeInjection.ql
+ql/actions/ql/src/Security/CWE-349/CachePoisoningViaDirectCache.ql
+ql/actions/ql/src/Security/CWE-349/CachePoisoningViaPoisonableStep.ql
+ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUCritical.ql
+ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUHigh.ql
+ql/actions/ql/src/Security/CWE-571/ExpressionIsAlwaysTrueCritical.ql
+ql/actions/ql/src/Security/CWE-571/ExpressionIsAlwaysTrueHigh.ql
+ql/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql
+ql/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql
+ql/actions/ql/src/Security/CWE-829/UnpinnedActionsTag.ql
+ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql
+ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.ql
+ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.ql
+ql/actions/ql/src/Violations Of Best Practice/CodeQL/UnnecessaryUseOfAdvancedConfig.ql
diff --git a/actions/ql/integration-tests/query-suite/actions-security-extended.qls.expected b/actions/ql/integration-tests/query-suite/actions-security-extended.qls.expected
new file mode 100644
index 000000000000..06a9c6745e48
--- /dev/null
+++ b/actions/ql/integration-tests/query-suite/actions-security-extended.qls.expected
@@ -0,0 +1,23 @@
+ql/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql
+ql/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql
+ql/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql
+ql/actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql
+ql/actions/ql/src/Security/CWE-094/CodeInjectionCritical.ql
+ql/actions/ql/src/Security/CWE-094/CodeInjectionMedium.ql
+ql/actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.ql
+ql/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql
+ql/actions/ql/src/Security/CWE-285/ImproperAccessControl.ql
+ql/actions/ql/src/Security/CWE-312/ExcessiveSecretsExposure.ql
+ql/actions/ql/src/Security/CWE-312/SecretsInArtifacts.ql
+ql/actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.ql
+ql/actions/ql/src/Security/CWE-349/CachePoisoningViaCodeInjection.ql
+ql/actions/ql/src/Security/CWE-349/CachePoisoningViaDirectCache.ql
+ql/actions/ql/src/Security/CWE-349/CachePoisoningViaPoisonableStep.ql
+ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUCritical.ql
+ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUHigh.ql
+ql/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql
+ql/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql
+ql/actions/ql/src/Security/CWE-829/UnpinnedActionsTag.ql
+ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql
+ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.ql
+ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.ql
diff --git a/actions/ql/integration-tests/query-suite/not_included_in_qls.expected b/actions/ql/integration-tests/query-suite/not_included_in_qls.expected
new file mode 100644
index 000000000000..8763955a8e40
--- /dev/null
+++ b/actions/ql/integration-tests/query-suite/not_included_in_qls.expected
@@ -0,0 +1,11 @@
+ql/actions/ql/src/Debug/partial.ql
+ql/actions/ql/src/experimental/Security/CWE-074/OutputClobberingHigh.ql
+ql/actions/ql/src/experimental/Security/CWE-078/CommandInjectionCritical.ql
+ql/actions/ql/src/experimental/Security/CWE-078/CommandInjectionMedium.ql
+ql/actions/ql/src/experimental/Security/CWE-088/ArgumentInjectionCritical.ql
+ql/actions/ql/src/experimental/Security/CWE-088/ArgumentInjectionMedium.ql
+ql/actions/ql/src/experimental/Security/CWE-200/SecretExfiltration.ql
+ql/actions/ql/src/experimental/Security/CWE-284/CodeExecutionOnSelfHostedRunner.ql
+ql/actions/ql/src/experimental/Security/CWE-829/ArtifactPoisoningPathTraversal.ql
+ql/actions/ql/src/experimental/Security/CWE-829/UnversionedImmutableAction.ql
+ql/actions/ql/src/experimental/Security/CWE-918/RequestForgery.ql
diff --git a/actions/ql/integration-tests/query-suite/test.py b/actions/ql/integration-tests/query-suite/test.py
new file mode 100644
index 000000000000..6eb57c090b99
--- /dev/null
+++ b/actions/ql/integration-tests/query-suite/test.py
@@ -0,0 +1,14 @@
+import runs_on
+import pytest
+from query_suites import *
+
+well_known_query_suites = ['actions-code-quality.qls', 'actions-security-and-quality.qls', 'actions-security-extended.qls', 'actions-code-scanning.qls']
+
+@runs_on.posix
+@pytest.mark.parametrize("query_suite", well_known_query_suites)
+def test(codeql, actions, check_query_suite, query_suite):
+    check_query_suite(query_suite)
+
+@runs_on.posix
+def test_not_included_queries(codeql, actions, check_queries_not_included):
+    check_queries_not_included('actions', well_known_query_suites)
diff --git a/csharp/ql/integration-tests/posix/query-suite/csharp-code-quality.qls.expected b/csharp/ql/integration-tests/posix/query-suite/csharp-code-quality.qls.expected
new file mode 100644
index 000000000000..533344cbbc27
--- /dev/null
+++ b/csharp/ql/integration-tests/posix/query-suite/csharp-code-quality.qls.expected
@@ -0,0 +1,12 @@
+ql/csharp/ql/src/API Abuse/NoDisposeCallOnLocalIDisposable.ql
+ql/csharp/ql/src/Bad Practices/Control-Flow/ConstantCondition.ql
+ql/csharp/ql/src/Dead Code/DeadStoreOfLocal.ql
+ql/csharp/ql/src/Likely Bugs/Collections/ContainerLengthCmpOffByOne.ql
+ql/csharp/ql/src/Likely Bugs/Collections/ContainerSizeCmpZero.ql
+ql/csharp/ql/src/Likely Bugs/DangerousNonShortCircuitLogic.ql
+ql/csharp/ql/src/Likely Bugs/ReferenceEqualsOnValueTypes.ql
+ql/csharp/ql/src/Likely Bugs/SelfAssignment.ql
+ql/csharp/ql/src/Likely Bugs/UncheckedCastInEquals.ql
+ql/csharp/ql/src/Performance/UseTryGetValue.ql
+ql/csharp/ql/src/Useless code/DefaultToString.ql
+ql/csharp/ql/src/Useless code/IntGetHashCode.ql
diff --git a/csharp/ql/integration-tests/posix/query-suite/csharp-code-scanning.qls.expected b/csharp/ql/integration-tests/posix/query-suite/csharp-code-scanning.qls.expected
new file mode 100644
index 000000000000..c0ff79af1c16
--- /dev/null
+++ b/csharp/ql/integration-tests/posix/query-suite/csharp-code-scanning.qls.expected
@@ -0,0 +1,57 @@
+ql/csharp/ql/src/Diagnostics/CompilerError.ql
+ql/csharp/ql/src/Diagnostics/CompilerMessage.ql
+ql/csharp/ql/src/Diagnostics/DiagnosticExtractionErrors.ql
+ql/csharp/ql/src/Diagnostics/ExtractedFiles.ql
+ql/csharp/ql/src/Diagnostics/ExtractorError.ql
+ql/csharp/ql/src/Diagnostics/ExtractorMessage.ql
+ql/csharp/ql/src/Metrics/Summaries/LinesOfCode.ql
+ql/csharp/ql/src/Security Features/CWE-011/ASPNetDebug.ql
+ql/csharp/ql/src/Security Features/CWE-016/ASPNetPagesValidateRequest.ql
+ql/csharp/ql/src/Security Features/CWE-022/TaintedPath.ql
+ql/csharp/ql/src/Security Features/CWE-022/ZipSlip.ql
+ql/csharp/ql/src/Security Features/CWE-078/CommandInjection.ql
+ql/csharp/ql/src/Security Features/CWE-079/XSS.ql
+ql/csharp/ql/src/Security Features/CWE-089/SqlInjection.ql
+ql/csharp/ql/src/Security Features/CWE-090/LDAPInjection.ql
+ql/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql
+ql/csharp/ql/src/Security Features/CWE-094/CodeInjection.ql
+ql/csharp/ql/src/Security Features/CWE-099/ResourceInjection.ql
+ql/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql
+ql/csharp/ql/src/Security Features/CWE-117/LogForging.ql
+ql/csharp/ql/src/Security Features/CWE-119/LocalUnvalidatedArithmetic.ql
+ql/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql
+ql/csharp/ql/src/Security Features/CWE-201/ExposureInTransmittedData.ql
+ql/csharp/ql/src/Security Features/CWE-209/ExceptionInformationExposure.ql
+ql/csharp/ql/src/Security Features/CWE-248/MissingASPNETGlobalErrorHandler.ql
+ql/csharp/ql/src/Security Features/CWE-312/CleartextStorage.ql
+ql/csharp/ql/src/Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql
+ql/csharp/ql/src/Security Features/CWE-359/ExposureOfPrivateInformation.ql
+ql/csharp/ql/src/Security Features/CWE-384/AbandonSession.ql
+ql/csharp/ql/src/Security Features/CWE-451/MissingXFrameOptions.ql
+ql/csharp/ql/src/Security Features/CWE-502/DeserializedDelegate.ql
+ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql
+ql/csharp/ql/src/Security Features/CWE-548/ASPNetDirectoryListing.ql
+ql/csharp/ql/src/Security Features/CWE-601/UrlRedirect.ql
+ql/csharp/ql/src/Security Features/CWE-611/UntrustedDataInsecureXml.ql
+ql/csharp/ql/src/Security Features/CWE-614/RequireSSL.ql
+ql/csharp/ql/src/Security Features/CWE-643/XPathInjection.ql
+ql/csharp/ql/src/Security Features/CWE-730/ReDoS.ql
+ql/csharp/ql/src/Security Features/CWE-730/RegexInjection.ql
+ql/csharp/ql/src/Security Features/CWE-807/ConditionalBypass.ql
+ql/csharp/ql/src/Security Features/CookieWithOverlyBroadDomain.ql
+ql/csharp/ql/src/Security Features/CookieWithOverlyBroadPath.ql
+ql/csharp/ql/src/Security Features/Encryption using ECB.ql
+ql/csharp/ql/src/Security Features/HeaderCheckingDisabled.ql
+ql/csharp/ql/src/Security Features/InadequateRSAPadding.ql
+ql/csharp/ql/src/Security Features/InsecureRandomness.ql
+ql/csharp/ql/src/Security Features/InsufficientKeySize.ql
+ql/csharp/ql/src/Security Features/PersistentCookie.ql
+ql/csharp/ql/src/Security Features/WeakEncryption.ql
+ql/csharp/ql/src/Telemetry/DatabaseQualityDiagnostics.ql
+ql/csharp/ql/src/Telemetry/ExternalLibraryUsage.ql
+ql/csharp/ql/src/Telemetry/ExtractorInformation.ql
+ql/csharp/ql/src/Telemetry/SupportedExternalApis.ql
+ql/csharp/ql/src/Telemetry/SupportedExternalSinks.ql
+ql/csharp/ql/src/Telemetry/SupportedExternalSources.ql
+ql/csharp/ql/src/Telemetry/SupportedExternalTaint.ql
+ql/csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql
diff --git a/csharp/ql/integration-tests/posix/query-suite/csharp-security-and-quality.qls.expected b/csharp/ql/integration-tests/posix/query-suite/csharp-security-and-quality.qls.expected
new file mode 100644
index 000000000000..fc0fa2403f96
--- /dev/null
+++ b/csharp/ql/integration-tests/posix/query-suite/csharp-security-and-quality.qls.expected
@@ -0,0 +1,173 @@
+ql/csharp/ql/src/API Abuse/CallToGCCollect.ql
+ql/csharp/ql/src/API Abuse/CallToObsoleteMethod.ql
+ql/csharp/ql/src/API Abuse/ClassDoesNotImplementEquals.ql
+ql/csharp/ql/src/API Abuse/ClassImplementsICloneable.ql
+ql/csharp/ql/src/API Abuse/DisposeNotCalledOnException.ql
+ql/csharp/ql/src/API Abuse/FormatInvalid.ql
+ql/csharp/ql/src/API Abuse/InconsistentEqualsGetHashCode.ql
+ql/csharp/ql/src/API Abuse/IncorrectCompareToSignature.ql
+ql/csharp/ql/src/API Abuse/IncorrectEqualsSignature.ql
+ql/csharp/ql/src/API Abuse/NoDisposeCallOnLocalIDisposable.ql
+ql/csharp/ql/src/API Abuse/NullArgumentToEquals.ql
+ql/csharp/ql/src/ASP/BlockCodeResponseWrite.ql
+ql/csharp/ql/src/Architecture/Refactoring Opportunities/InappropriateIntimacy.ql
+ql/csharp/ql/src/Bad Practices/CallsUnmanagedCode.ql
+ql/csharp/ql/src/Bad Practices/CatchOfNullReferenceException.ql
+ql/csharp/ql/src/Bad Practices/Control-Flow/ConstantCondition.ql
+ql/csharp/ql/src/Bad Practices/Declarations/LocalScopeVariableShadowsMember.ql
+ql/csharp/ql/src/Bad Practices/Declarations/TooManyRefParameters.ql
+ql/csharp/ql/src/Bad Practices/EmptyCatchBlock.ql
+ql/csharp/ql/src/Bad Practices/ErroneousClassCompare.ql
+ql/csharp/ql/src/Bad Practices/Implementation Hiding/AbstractToConcreteCollection.ql
+ql/csharp/ql/src/Bad Practices/Implementation Hiding/ExposeRepresentation.ql
+ql/csharp/ql/src/Bad Practices/Naming Conventions/FieldMasksSuperField.ql
+ql/csharp/ql/src/Bad Practices/Naming Conventions/SameNameAsSuper.ql
+ql/csharp/ql/src/Bad Practices/PathCombine.ql
+ql/csharp/ql/src/Bad Practices/UnmanagedCodeCheck.ql
+ql/csharp/ql/src/Bad Practices/VirtualCallInConstructorOrDestructor.ql
+ql/csharp/ql/src/CSI/CompareIdenticalValues.ql
+ql/csharp/ql/src/CSI/NullAlways.ql
+ql/csharp/ql/src/CSI/NullMaybe.ql
+ql/csharp/ql/src/Complexity/BlockWithTooManyStatements.ql
+ql/csharp/ql/src/Complexity/ComplexCondition.ql
+ql/csharp/ql/src/Concurrency/FutileSyncOnField.ql
+ql/csharp/ql/src/Concurrency/LockOrder.ql
+ql/csharp/ql/src/Concurrency/LockThis.ql
+ql/csharp/ql/src/Concurrency/LockedWait.ql
+ql/csharp/ql/src/Concurrency/SynchSetUnsynchGet.ql
+ql/csharp/ql/src/Concurrency/UnsafeLazyInitialization.ql
+ql/csharp/ql/src/Concurrency/UnsynchronizedStaticAccess.ql
+ql/csharp/ql/src/Configuration/EmptyPasswordInConfigurationFile.ql
+ql/csharp/ql/src/Configuration/PasswordInConfigurationFile.ql
+ql/csharp/ql/src/Dead Code/DeadStoreOfLocal.ql
+ql/csharp/ql/src/Diagnostics/CompilerError.ql
+ql/csharp/ql/src/Diagnostics/CompilerMessage.ql
+ql/csharp/ql/src/Diagnostics/DiagnosticExtractionErrors.ql
+ql/csharp/ql/src/Diagnostics/ExtractedFiles.ql
+ql/csharp/ql/src/Diagnostics/ExtractorError.ql
+ql/csharp/ql/src/Diagnostics/ExtractorMessage.ql
+ql/csharp/ql/src/Documentation/XmldocMissingSummary.ql
+ql/csharp/ql/src/Input Validation/UseOfFileUpload.ql
+ql/csharp/ql/src/Input Validation/ValueShadowing.ql
+ql/csharp/ql/src/Input Validation/ValueShadowingServerVariable.ql
+ql/csharp/ql/src/Language Abuse/CastThisToTypeParameter.ql
+ql/csharp/ql/src/Language Abuse/CatchOfGenericException.ql
+ql/csharp/ql/src/Language Abuse/ChainedIs.ql
+ql/csharp/ql/src/Language Abuse/DubiousDowncastOfThis.ql
+ql/csharp/ql/src/Language Abuse/DubiousTypeTestOfThis.ql
+ql/csharp/ql/src/Language Abuse/MissedReadonlyOpportunity.ql
+ql/csharp/ql/src/Language Abuse/MissedTernaryOpportunity.ql
+ql/csharp/ql/src/Language Abuse/MissedUsingOpportunity.ql
+ql/csharp/ql/src/Language Abuse/NestedIf.ql
+ql/csharp/ql/src/Language Abuse/RethrowException.ql
+ql/csharp/ql/src/Language Abuse/SimplifyBoolExpr.ql
+ql/csharp/ql/src/Language Abuse/UnusedPropertyValue.ql
+ql/csharp/ql/src/Language Abuse/UselessCastToSelf.ql
+ql/csharp/ql/src/Language Abuse/UselessNullCoalescingExpression.ql
+ql/csharp/ql/src/Language Abuse/UselessTypeTest.ql
+ql/csharp/ql/src/Language Abuse/UselessUpcast.ql
+ql/csharp/ql/src/Likely Bugs/Collections/ContainerLengthCmpOffByOne.ql
+ql/csharp/ql/src/Likely Bugs/Collections/ContainerSizeCmpZero.ql
+ql/csharp/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql
+ql/csharp/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql
+ql/csharp/ql/src/Likely Bugs/ConstantComparison.ql
+ql/csharp/ql/src/Likely Bugs/DangerousNonShortCircuitLogic.ql
+ql/csharp/ql/src/Likely Bugs/Dynamic/BadDynamicCall.ql
+ql/csharp/ql/src/Likely Bugs/EqualityCheckOnFloats.ql
+ql/csharp/ql/src/Likely Bugs/EqualsArray.ql
+ql/csharp/ql/src/Likely Bugs/EqualsUsesAs.ql
+ql/csharp/ql/src/Likely Bugs/EqualsUsesIs.ql
+ql/csharp/ql/src/Likely Bugs/HashedButNoHash.ql
+ql/csharp/ql/src/Likely Bugs/ImpossibleArrayCast.ql
+ql/csharp/ql/src/Likely Bugs/IncomparableEquals.ql
+ql/csharp/ql/src/Likely Bugs/InconsistentCompareTo.ql
+ql/csharp/ql/src/Likely Bugs/LeapYear/UnsafeYearConstruction.ql
+ql/csharp/ql/src/Likely Bugs/MishandlingJapaneseEra.ql
+ql/csharp/ql/src/Likely Bugs/NestedLoopsSameVariable.ql
+ql/csharp/ql/src/Likely Bugs/ObjectComparison.ql
+ql/csharp/ql/src/Likely Bugs/PossibleLossOfPrecision.ql
+ql/csharp/ql/src/Likely Bugs/RecursiveEquals.ql
+ql/csharp/ql/src/Likely Bugs/RecursiveOperatorEquals.ql
+ql/csharp/ql/src/Likely Bugs/ReferenceEqualsOnValueTypes.ql
+ql/csharp/ql/src/Likely Bugs/SelfAssignment.ql
+ql/csharp/ql/src/Likely Bugs/Statements/EmptyBlock.ql
+ql/csharp/ql/src/Likely Bugs/Statements/EmptyLockStatement.ql
+ql/csharp/ql/src/Likely Bugs/Statements/UseBraces.ql
+ql/csharp/ql/src/Likely Bugs/StaticFieldWrittenByInstance.ql
+ql/csharp/ql/src/Likely Bugs/StringBuilderCharInit.ql
+ql/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransform.ql
+ql/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.ql
+ql/csharp/ql/src/Likely Bugs/UncheckedCastInEquals.ql
+ql/csharp/ql/src/Linq/BadMultipleIteration.ql
+ql/csharp/ql/src/Linq/MissedAllOpportunity.ql
+ql/csharp/ql/src/Linq/MissedCastOpportunity.ql
+ql/csharp/ql/src/Linq/MissedOfTypeOpportunity.ql
+ql/csharp/ql/src/Linq/MissedSelectOpportunity.ql
+ql/csharp/ql/src/Linq/MissedWhereOpportunity.ql
+ql/csharp/ql/src/Linq/RedundantSelect.ql
+ql/csharp/ql/src/Metrics/Summaries/LinesOfCode.ql
+ql/csharp/ql/src/Performance/StringBuilderInLoop.ql
+ql/csharp/ql/src/Performance/StringConcatenationInLoop.ql
+ql/csharp/ql/src/Performance/UseTryGetValue.ql
+ql/csharp/ql/src/Security Features/CWE-011/ASPNetDebug.ql
+ql/csharp/ql/src/Security Features/CWE-016/ASPNetPagesValidateRequest.ql
+ql/csharp/ql/src/Security Features/CWE-020/RuntimeChecksBypass.ql
+ql/csharp/ql/src/Security Features/CWE-022/TaintedPath.ql
+ql/csharp/ql/src/Security Features/CWE-022/ZipSlip.ql
+ql/csharp/ql/src/Security Features/CWE-078/CommandInjection.ql
+ql/csharp/ql/src/Security Features/CWE-079/XSS.ql
+ql/csharp/ql/src/Security Features/CWE-089/SqlInjection.ql
+ql/csharp/ql/src/Security Features/CWE-090/LDAPInjection.ql
+ql/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql
+ql/csharp/ql/src/Security Features/CWE-094/CodeInjection.ql
+ql/csharp/ql/src/Security Features/CWE-099/ResourceInjection.ql
+ql/csharp/ql/src/Security Features/CWE-112/MissingXMLValidation.ql
+ql/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql
+ql/csharp/ql/src/Security Features/CWE-117/LogForging.ql
+ql/csharp/ql/src/Security Features/CWE-119/LocalUnvalidatedArithmetic.ql
+ql/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql
+ql/csharp/ql/src/Security Features/CWE-201/ExposureInTransmittedData.ql
+ql/csharp/ql/src/Security Features/CWE-209/ExceptionInformationExposure.ql
+ql/csharp/ql/src/Security Features/CWE-248/MissingASPNETGlobalErrorHandler.ql
+ql/csharp/ql/src/Security Features/CWE-285/MissingAccessControl.ql
+ql/csharp/ql/src/Security Features/CWE-312/CleartextStorage.ql
+ql/csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.ql
+ql/csharp/ql/src/Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql
+ql/csharp/ql/src/Security Features/CWE-359/ExposureOfPrivateInformation.ql
+ql/csharp/ql/src/Security Features/CWE-384/AbandonSession.ql
+ql/csharp/ql/src/Security Features/CWE-451/MissingXFrameOptions.ql
+ql/csharp/ql/src/Security Features/CWE-502/DeserializedDelegate.ql
+ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql
+ql/csharp/ql/src/Security Features/CWE-548/ASPNetDirectoryListing.ql
+ql/csharp/ql/src/Security Features/CWE-601/UrlRedirect.ql
+ql/csharp/ql/src/Security Features/CWE-611/UntrustedDataInsecureXml.ql
+ql/csharp/ql/src/Security Features/CWE-614/RequireSSL.ql
+ql/csharp/ql/src/Security Features/CWE-639/InsecureDirectObjectReference.ql
+ql/csharp/ql/src/Security Features/CWE-643/XPathInjection.ql
+ql/csharp/ql/src/Security Features/CWE-730/ReDoS.ql
+ql/csharp/ql/src/Security Features/CWE-730/RegexInjection.ql
+ql/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql
+ql/csharp/ql/src/Security Features/CWE-798/HardcodedCredentials.ql
+ql/csharp/ql/src/Security Features/CWE-807/ConditionalBypass.ql
+ql/csharp/ql/src/Security Features/CookieWithOverlyBroadDomain.ql
+ql/csharp/ql/src/Security Features/CookieWithOverlyBroadPath.ql
+ql/csharp/ql/src/Security Features/Encryption using ECB.ql
+ql/csharp/ql/src/Security Features/HeaderCheckingDisabled.ql
+ql/csharp/ql/src/Security Features/InadequateRSAPadding.ql
+ql/csharp/ql/src/Security Features/InsecureRandomness.ql
+ql/csharp/ql/src/Security Features/InsufficientKeySize.ql
+ql/csharp/ql/src/Security Features/PersistentCookie.ql
+ql/csharp/ql/src/Security Features/WeakEncryption.ql
+ql/csharp/ql/src/Telemetry/DatabaseQualityDiagnostics.ql
+ql/csharp/ql/src/Telemetry/ExternalLibraryUsage.ql
+ql/csharp/ql/src/Telemetry/ExtractorInformation.ql
+ql/csharp/ql/src/Telemetry/SupportedExternalApis.ql
+ql/csharp/ql/src/Telemetry/SupportedExternalSinks.ql
+ql/csharp/ql/src/Telemetry/SupportedExternalSources.ql
+ql/csharp/ql/src/Telemetry/SupportedExternalTaint.ql
+ql/csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql
+ql/csharp/ql/src/Useless code/DefaultToString.ql
+ql/csharp/ql/src/Useless code/FutileConditional.ql
+ql/csharp/ql/src/Useless code/IntGetHashCode.ql
+ql/csharp/ql/src/Useless code/RedundantToStringCall.ql
+ql/csharp/ql/src/Useless code/UnusedLabel.ql
diff --git a/csharp/ql/integration-tests/posix/query-suite/csharp-security-extended.qls.expected b/csharp/ql/integration-tests/posix/query-suite/csharp-security-extended.qls.expected
new file mode 100644
index 000000000000..69f47536e683
--- /dev/null
+++ b/csharp/ql/integration-tests/posix/query-suite/csharp-security-extended.qls.expected
@@ -0,0 +1,71 @@
+ql/csharp/ql/src/Configuration/EmptyPasswordInConfigurationFile.ql
+ql/csharp/ql/src/Configuration/PasswordInConfigurationFile.ql
+ql/csharp/ql/src/Diagnostics/CompilerError.ql
+ql/csharp/ql/src/Diagnostics/CompilerMessage.ql
+ql/csharp/ql/src/Diagnostics/DiagnosticExtractionErrors.ql
+ql/csharp/ql/src/Diagnostics/ExtractedFiles.ql
+ql/csharp/ql/src/Diagnostics/ExtractorError.ql
+ql/csharp/ql/src/Diagnostics/ExtractorMessage.ql
+ql/csharp/ql/src/Input Validation/UseOfFileUpload.ql
+ql/csharp/ql/src/Input Validation/ValueShadowing.ql
+ql/csharp/ql/src/Input Validation/ValueShadowingServerVariable.ql
+ql/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransform.ql
+ql/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.ql
+ql/csharp/ql/src/Metrics/Summaries/LinesOfCode.ql
+ql/csharp/ql/src/Security Features/CWE-011/ASPNetDebug.ql
+ql/csharp/ql/src/Security Features/CWE-016/ASPNetPagesValidateRequest.ql
+ql/csharp/ql/src/Security Features/CWE-020/RuntimeChecksBypass.ql
+ql/csharp/ql/src/Security Features/CWE-022/TaintedPath.ql
+ql/csharp/ql/src/Security Features/CWE-022/ZipSlip.ql
+ql/csharp/ql/src/Security Features/CWE-078/CommandInjection.ql
+ql/csharp/ql/src/Security Features/CWE-079/XSS.ql
+ql/csharp/ql/src/Security Features/CWE-089/SqlInjection.ql
+ql/csharp/ql/src/Security Features/CWE-090/LDAPInjection.ql
+ql/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql
+ql/csharp/ql/src/Security Features/CWE-094/CodeInjection.ql
+ql/csharp/ql/src/Security Features/CWE-099/ResourceInjection.ql
+ql/csharp/ql/src/Security Features/CWE-112/MissingXMLValidation.ql
+ql/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql
+ql/csharp/ql/src/Security Features/CWE-117/LogForging.ql
+ql/csharp/ql/src/Security Features/CWE-119/LocalUnvalidatedArithmetic.ql
+ql/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql
+ql/csharp/ql/src/Security Features/CWE-201/ExposureInTransmittedData.ql
+ql/csharp/ql/src/Security Features/CWE-209/ExceptionInformationExposure.ql
+ql/csharp/ql/src/Security Features/CWE-248/MissingASPNETGlobalErrorHandler.ql
+ql/csharp/ql/src/Security Features/CWE-285/MissingAccessControl.ql
+ql/csharp/ql/src/Security Features/CWE-312/CleartextStorage.ql
+ql/csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.ql
+ql/csharp/ql/src/Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql
+ql/csharp/ql/src/Security Features/CWE-359/ExposureOfPrivateInformation.ql
+ql/csharp/ql/src/Security Features/CWE-384/AbandonSession.ql
+ql/csharp/ql/src/Security Features/CWE-451/MissingXFrameOptions.ql
+ql/csharp/ql/src/Security Features/CWE-502/DeserializedDelegate.ql
+ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql
+ql/csharp/ql/src/Security Features/CWE-548/ASPNetDirectoryListing.ql
+ql/csharp/ql/src/Security Features/CWE-601/UrlRedirect.ql
+ql/csharp/ql/src/Security Features/CWE-611/UntrustedDataInsecureXml.ql
+ql/csharp/ql/src/Security Features/CWE-614/RequireSSL.ql
+ql/csharp/ql/src/Security Features/CWE-639/InsecureDirectObjectReference.ql
+ql/csharp/ql/src/Security Features/CWE-643/XPathInjection.ql
+ql/csharp/ql/src/Security Features/CWE-730/ReDoS.ql
+ql/csharp/ql/src/Security Features/CWE-730/RegexInjection.ql
+ql/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql
+ql/csharp/ql/src/Security Features/CWE-798/HardcodedCredentials.ql
+ql/csharp/ql/src/Security Features/CWE-807/ConditionalBypass.ql
+ql/csharp/ql/src/Security Features/CookieWithOverlyBroadDomain.ql
+ql/csharp/ql/src/Security Features/CookieWithOverlyBroadPath.ql
+ql/csharp/ql/src/Security Features/Encryption using ECB.ql
+ql/csharp/ql/src/Security Features/HeaderCheckingDisabled.ql
+ql/csharp/ql/src/Security Features/InadequateRSAPadding.ql
+ql/csharp/ql/src/Security Features/InsecureRandomness.ql
+ql/csharp/ql/src/Security Features/InsufficientKeySize.ql
+ql/csharp/ql/src/Security Features/PersistentCookie.ql
+ql/csharp/ql/src/Security Features/WeakEncryption.ql
+ql/csharp/ql/src/Telemetry/DatabaseQualityDiagnostics.ql
+ql/csharp/ql/src/Telemetry/ExternalLibraryUsage.ql
+ql/csharp/ql/src/Telemetry/ExtractorInformation.ql
+ql/csharp/ql/src/Telemetry/SupportedExternalApis.ql
+ql/csharp/ql/src/Telemetry/SupportedExternalSinks.ql
+ql/csharp/ql/src/Telemetry/SupportedExternalSources.ql
+ql/csharp/ql/src/Telemetry/SupportedExternalTaint.ql
+ql/csharp/ql/src/Telemetry/UnsupportedExternalAPIs.ql
diff --git a/csharp/ql/integration-tests/posix/query-suite/not_included_in_qls.expected b/csharp/ql/integration-tests/posix/query-suite/not_included_in_qls.expected
new file mode 100644
index 000000000000..23bdca4394bf
--- /dev/null
+++ b/csharp/ql/integration-tests/posix/query-suite/not_included_in_qls.expected
@@ -0,0 +1,128 @@
+ql/csharp/ql/src/API Abuse/MissingDisposeCall.ql
+ql/csharp/ql/src/API Abuse/MissingDisposeMethod.ql
+ql/csharp/ql/src/API Abuse/NonOverridingMethod.ql
+ql/csharp/ql/src/API Abuse/UncheckedReturnValue.ql
+ql/csharp/ql/src/ASP/ComplexInlineCode.ql
+ql/csharp/ql/src/ASP/NonInternationalizedText.ql
+ql/csharp/ql/src/ASP/SplitControlStructure.ql
+ql/csharp/ql/src/AlertSuppression.ql
+ql/csharp/ql/src/Architecture/Dependencies/MutualDependency.ql
+ql/csharp/ql/src/Architecture/Refactoring Opportunities/FeatureEnvy.ql
+ql/csharp/ql/src/Bad Practices/Comments/CommentedOutCode.ql
+ql/csharp/ql/src/Bad Practices/Comments/TodoComments.ql
+ql/csharp/ql/src/Bad Practices/Declarations/EmptyInterface.ql
+ql/csharp/ql/src/Bad Practices/Declarations/NoConstantsOnly.ql
+ql/csharp/ql/src/Bad Practices/Implementation Hiding/StaticArray.ql
+ql/csharp/ql/src/Bad Practices/LeftoverDebugCode.ql
+ql/csharp/ql/src/Bad Practices/Magic Constants/MagicConstantsNumbers.ql
+ql/csharp/ql/src/Bad Practices/Magic Constants/MagicConstantsString.ql
+ql/csharp/ql/src/Bad Practices/Magic Constants/MagicNumbersUseConstant.ql
+ql/csharp/ql/src/Bad Practices/Magic Constants/MagicStringsUseConstant.ql
+ql/csharp/ql/src/Bad Practices/Naming Conventions/ConfusingMethodNames.ql
+ql/csharp/ql/src/Bad Practices/Naming Conventions/ConfusingOverridesNames.ql
+ql/csharp/ql/src/Bad Practices/Naming Conventions/ConstantNaming.ql
+ql/csharp/ql/src/Bad Practices/Naming Conventions/ControlNamePrefixes.ql
+ql/csharp/ql/src/Bad Practices/Naming Conventions/DefaultControlNames.ql
+ql/csharp/ql/src/Bad Practices/Naming Conventions/VariableNameTooShort.ql
+ql/csharp/ql/src/Bad Practices/UseOfHtmlInputHidden.ql
+ql/csharp/ql/src/Bad Practices/UseOfSystemOutputStream.ql
+ql/csharp/ql/src/Dead Code/DeadRefTypes.ql
+ql/csharp/ql/src/Dead Code/NonAssignedFields.ql
+ql/csharp/ql/src/Dead Code/UnusedField.ql
+ql/csharp/ql/src/Dead Code/UnusedMethod.ql
+ql/csharp/ql/src/Documentation/XmldocExtraParam.ql
+ql/csharp/ql/src/Documentation/XmldocExtraTypeParam.ql
+ql/csharp/ql/src/Documentation/XmldocMissing.ql
+ql/csharp/ql/src/Documentation/XmldocMissingException.ql
+ql/csharp/ql/src/Documentation/XmldocMissingParam.ql
+ql/csharp/ql/src/Documentation/XmldocMissingReturn.ql
+ql/csharp/ql/src/Documentation/XmldocMissingTypeParam.ql
+ql/csharp/ql/src/Language Abuse/ForeachCapture.ql
+ql/csharp/ql/src/Language Abuse/UselessIsBeforeAs.ql
+ql/csharp/ql/src/Likely Bugs/BadCheckOdd.ql
+ql/csharp/ql/src/Likely Bugs/RandomUsedOnce.ql
+ql/csharp/ql/src/Metrics/Callables/CCyclomaticComplexity.ql
+ql/csharp/ql/src/Metrics/Callables/CLinesOfCode.ql
+ql/csharp/ql/src/Metrics/Callables/CLinesOfComment.ql
+ql/csharp/ql/src/Metrics/Callables/CNumberOfParameters.ql
+ql/csharp/ql/src/Metrics/Callables/CNumberOfStatements.ql
+ql/csharp/ql/src/Metrics/Callables/CPercentageOfComments.ql
+ql/csharp/ql/src/Metrics/Callables/StatementNestingDepth.ql
+ql/csharp/ql/src/Metrics/Dependencies/ExternalDependencies.ql
+ql/csharp/ql/src/Metrics/Dependencies/ExternalDependenciesSourceLinks.ql
+ql/csharp/ql/src/Metrics/Files/FCommentRatio.ql
+ql/csharp/ql/src/Metrics/Files/FCyclomaticComplexity.ql
+ql/csharp/ql/src/Metrics/Files/FLines.ql
+ql/csharp/ql/src/Metrics/Files/FLinesOfCode.ql
+ql/csharp/ql/src/Metrics/Files/FLinesOfComment.ql
+ql/csharp/ql/src/Metrics/Files/FLinesOfCommentedCode.ql
+ql/csharp/ql/src/Metrics/Files/FNumberOfClasses.ql
+ql/csharp/ql/src/Metrics/Files/FNumberOfInterfaces.ql
+ql/csharp/ql/src/Metrics/Files/FNumberOfStructs.ql
+ql/csharp/ql/src/Metrics/Files/FNumberOfTests.ql
+ql/csharp/ql/src/Metrics/Files/FNumberOfUsingNamespaces.ql
+ql/csharp/ql/src/Metrics/Files/FSelfContainedness.ql
+ql/csharp/ql/src/Metrics/RefTypes/TAfferentCoupling.ql
+ql/csharp/ql/src/Metrics/RefTypes/TEfferentCoupling.ql
+ql/csharp/ql/src/Metrics/RefTypes/TInheritanceDepth.ql
+ql/csharp/ql/src/Metrics/RefTypes/TLackOfCohesionCK.ql
+ql/csharp/ql/src/Metrics/RefTypes/TLackOfCohesionHS.ql
+ql/csharp/ql/src/Metrics/RefTypes/TNumberOfCallables.ql
+ql/csharp/ql/src/Metrics/RefTypes/TNumberOfEvents.ql
+ql/csharp/ql/src/Metrics/RefTypes/TNumberOfFields.ql
+ql/csharp/ql/src/Metrics/RefTypes/TNumberOfIndexers.ql
+ql/csharp/ql/src/Metrics/RefTypes/TNumberOfNonConstFields.ql
+ql/csharp/ql/src/Metrics/RefTypes/TNumberOfProperties.ql
+ql/csharp/ql/src/Metrics/RefTypes/TNumberOfStatements.ql
+ql/csharp/ql/src/Metrics/RefTypes/TResponse.ql
+ql/csharp/ql/src/Metrics/RefTypes/TSizeOfAPI.ql
+ql/csharp/ql/src/Metrics/RefTypes/TSpecialisationIndex.ql
+ql/csharp/ql/src/Metrics/RefTypes/TUnmanagedCode.ql
+ql/csharp/ql/src/Metrics/Summaries/FrameworkCoverage.ql
+ql/csharp/ql/src/Metrics/internal/ExtractorDiagnostics.ql
+ql/csharp/ql/src/Security Features/CWE-016/ASPNetMaxRequestLength.ql
+ql/csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.ql
+ql/csharp/ql/src/Security Features/CWE-020/ExternalAPIsUsedWithUntrustedData.ql
+ql/csharp/ql/src/Security Features/CWE-020/UntrustedDataToExternalAPI.ql
+ql/csharp/ql/src/Security Features/CWE-321/HardcodedEncryptionKey.ql
+ql/csharp/ql/src/Security Features/CWE-321/HardcodedSymmetricEncryptionKey.ql
+ql/csharp/ql/src/Security Features/CWE-327/DontInstallRootCert.ql
+ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserialization.ql
+ql/csharp/ql/src/Security Features/CWE-611/UseXmlSecureResolver.ql
+ql/csharp/ql/src/Security Features/CWE-838/InappropriateEncoding.ql
+ql/csharp/ql/src/Useless code/PointlessForwardingMethod.ql
+ql/csharp/ql/src/definitions.ql
+ql/csharp/ql/src/experimental/CWE-099/TaintedWebClient.ql
+ql/csharp/ql/src/experimental/CWE-918/RequestForgery.ql
+ql/csharp/ql/src/experimental/Security Features/CWE-1004/CookieWithoutHttpOnly.ql
+ql/csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql
+ql/csharp/ql/src/experimental/Security Features/CWE-614/CookieWithoutSecure.ql
+ql/csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.ql
+ql/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.ql
+ql/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.ql
+ql/csharp/ql/src/experimental/Security Features/Serialization/DefiningDatasetRelatedType.ql
+ql/csharp/ql/src/experimental/Security Features/Serialization/DefiningPotentiallyUnsafeXmlSerializer.ql
+ql/csharp/ql/src/experimental/Security Features/Serialization/UnsafeTypeUsedDataContractSerializer.ql
+ql/csharp/ql/src/experimental/Security Features/Serialization/XmlDeserializationWithDataSet.ql
+ql/csharp/ql/src/experimental/Security Features/backdoor/DangerousNativeFunctionCall.ql
+ql/csharp/ql/src/experimental/Security Features/backdoor/PotentialTimeBomb.ql
+ql/csharp/ql/src/experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.ql
+ql/csharp/ql/src/filters/ClassifyFiles.ql
+ql/csharp/ql/src/meta/frameworks/Coverage.ql
+ql/csharp/ql/src/meta/frameworks/UnsupportedExternalAPIs.ql
+ql/csharp/ql/src/utils/modelconverter/ExtractNeutrals.ql
+ql/csharp/ql/src/utils/modelconverter/ExtractSinks.ql
+ql/csharp/ql/src/utils/modelconverter/ExtractSources.ql
+ql/csharp/ql/src/utils/modelconverter/ExtractSummaries.ql
+ql/csharp/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql
+ql/csharp/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql
+ql/csharp/ql/src/utils/modelgenerator/CaptureContentSummaryModels.ql
+ql/csharp/ql/src/utils/modelgenerator/CaptureMixedNeutralModels.ql
+ql/csharp/ql/src/utils/modelgenerator/CaptureMixedSummaryModels.ql
+ql/csharp/ql/src/utils/modelgenerator/CaptureNeutralModels.ql
+ql/csharp/ql/src/utils/modelgenerator/CaptureSinkModels.ql
+ql/csharp/ql/src/utils/modelgenerator/CaptureSourceModels.ql
+ql/csharp/ql/src/utils/modelgenerator/CaptureSummaryModels.ql
+ql/csharp/ql/src/utils/modelgenerator/CaptureTypeBasedSummaryModels.ql
+ql/csharp/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPartialPath.ql
+ql/csharp/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPath.ql
diff --git a/csharp/ql/integration-tests/posix/query-suite/test.py b/csharp/ql/integration-tests/posix/query-suite/test.py
new file mode 100644
index 000000000000..38f0643dfbbd
--- /dev/null
+++ b/csharp/ql/integration-tests/posix/query-suite/test.py
@@ -0,0 +1,14 @@
+import runs_on
+import pytest
+from query_suites import *
+
+well_known_query_suites = ['csharp-code-quality.qls', 'csharp-security-and-quality.qls', 'csharp-security-extended.qls', 'csharp-code-scanning.qls']
+
+@runs_on.posix
+@pytest.mark.parametrize("query_suite", well_known_query_suites)
+def test(codeql, csharp, check_query_suite, query_suite):
+    check_query_suite(query_suite)
+
+@runs_on.posix
+def test_not_included_queries(codeql, csharp, check_queries_not_included):
+    check_queries_not_included('csharp', well_known_query_suites)
diff --git a/go/ql/integration-tests/query-suite/go-code-quality.qls.expected b/go/ql/integration-tests/query-suite/go-code-quality.qls.expected
new file mode 100644
index 000000000000..236c285ece05
--- /dev/null
+++ b/go/ql/integration-tests/query-suite/go-code-quality.qls.expected
@@ -0,0 +1,6 @@
+ql/go/ql/src/InconsistentCode/LengthComparisonOffByOne.ql
+ql/go/ql/src/InconsistentCode/MissingErrorCheck.ql
+ql/go/ql/src/InconsistentCode/UnhandledCloseWritableHandle.ql
+ql/go/ql/src/InconsistentCode/WrappedErrorAlwaysNil.ql
+ql/go/ql/src/RedundantCode/NegativeLengthCheck.ql
+ql/go/ql/src/RedundantCode/RedundantRecover.ql
diff --git a/go/ql/integration-tests/query-suite/go-code-scanning.qls.expected b/go/ql/integration-tests/query-suite/go-code-scanning.qls.expected
new file mode 100644
index 000000000000..609e21e82ec0
--- /dev/null
+++ b/go/ql/integration-tests/query-suite/go-code-scanning.qls.expected
@@ -0,0 +1,31 @@
+ql/go/ql/src/Diagnostics/ExtractionErrors.ql
+ql/go/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql
+ql/go/ql/src/Security/CWE-020/IncompleteHostnameRegexp.ql
+ql/go/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql
+ql/go/ql/src/Security/CWE-020/MissingRegexpAnchor.ql
+ql/go/ql/src/Security/CWE-020/SuspiciousCharacterInRegexp.ql
+ql/go/ql/src/Security/CWE-022/TaintedPath.ql
+ql/go/ql/src/Security/CWE-022/UnsafeUnzipSymlink.ql
+ql/go/ql/src/Security/CWE-022/ZipSlip.ql
+ql/go/ql/src/Security/CWE-078/CommandInjection.ql
+ql/go/ql/src/Security/CWE-079/ReflectedXss.ql
+ql/go/ql/src/Security/CWE-089/SqlInjection.ql
+ql/go/ql/src/Security/CWE-089/StringBreak.ql
+ql/go/ql/src/Security/CWE-190/AllocationSizeOverflow.ql
+ql/go/ql/src/Security/CWE-209/StackTraceExposure.ql
+ql/go/ql/src/Security/CWE-295/DisabledCertificateCheck.ql
+ql/go/ql/src/Security/CWE-312/CleartextLogging.ql
+ql/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql
+ql/go/ql/src/Security/CWE-326/InsufficientKeySize.ql
+ql/go/ql/src/Security/CWE-327/InsecureTLS.ql
+ql/go/ql/src/Security/CWE-338/InsecureRandomness.ql
+ql/go/ql/src/Security/CWE-347/MissingJwtSignatureCheck.ql
+ql/go/ql/src/Security/CWE-352/ConstantOauth2State.ql
+ql/go/ql/src/Security/CWE-601/BadRedirectCheck.ql
+ql/go/ql/src/Security/CWE-601/OpenUrlRedirect.ql
+ql/go/ql/src/Security/CWE-640/EmailInjection.ql
+ql/go/ql/src/Security/CWE-643/XPathInjection.ql
+ql/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql
+ql/go/ql/src/Security/CWE-770/UncontrolledAllocationSize.ql
+ql/go/ql/src/Security/CWE-918/RequestForgery.ql
+ql/go/ql/src/Summary/LinesOfCode.ql
diff --git a/go/ql/integration-tests/query-suite/go-security-and-quality.qls.expected b/go/ql/integration-tests/query-suite/go-security-and-quality.qls.expected
new file mode 100644
index 000000000000..46f21d921ef7
--- /dev/null
+++ b/go/ql/integration-tests/query-suite/go-security-and-quality.qls.expected
@@ -0,0 +1,55 @@
+ql/go/ql/src/Diagnostics/ExtractionErrors.ql
+ql/go/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql
+ql/go/ql/src/InconsistentCode/ConstantLengthComparison.ql
+ql/go/ql/src/InconsistentCode/InconsistentLoopOrientation.ql
+ql/go/ql/src/InconsistentCode/LengthComparisonOffByOne.ql
+ql/go/ql/src/InconsistentCode/MissingErrorCheck.ql
+ql/go/ql/src/InconsistentCode/MistypedExponentiation.ql
+ql/go/ql/src/InconsistentCode/UnhandledCloseWritableHandle.ql
+ql/go/ql/src/InconsistentCode/WhitespaceContradictsPrecedence.ql
+ql/go/ql/src/InconsistentCode/WrappedErrorAlwaysNil.ql
+ql/go/ql/src/RedundantCode/CompareIdenticalValues.ql
+ql/go/ql/src/RedundantCode/DeadStoreOfField.ql
+ql/go/ql/src/RedundantCode/DeadStoreOfLocal.ql
+ql/go/ql/src/RedundantCode/DuplicateBranches.ql
+ql/go/ql/src/RedundantCode/DuplicateCondition.ql
+ql/go/ql/src/RedundantCode/DuplicateSwitchCase.ql
+ql/go/ql/src/RedundantCode/ExprHasNoEffect.ql
+ql/go/ql/src/RedundantCode/ImpossibleInterfaceNilCheck.ql
+ql/go/ql/src/RedundantCode/NegativeLengthCheck.ql
+ql/go/ql/src/RedundantCode/RedundantExpr.ql
+ql/go/ql/src/RedundantCode/RedundantRecover.ql
+ql/go/ql/src/RedundantCode/SelfAssignment.ql
+ql/go/ql/src/RedundantCode/ShiftOutOfRange.ql
+ql/go/ql/src/RedundantCode/UnreachableStatement.ql
+ql/go/ql/src/Security/CWE-020/IncompleteHostnameRegexp.ql
+ql/go/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql
+ql/go/ql/src/Security/CWE-020/MissingRegexpAnchor.ql
+ql/go/ql/src/Security/CWE-020/SuspiciousCharacterInRegexp.ql
+ql/go/ql/src/Security/CWE-022/TaintedPath.ql
+ql/go/ql/src/Security/CWE-022/UnsafeUnzipSymlink.ql
+ql/go/ql/src/Security/CWE-022/ZipSlip.ql
+ql/go/ql/src/Security/CWE-078/CommandInjection.ql
+ql/go/ql/src/Security/CWE-079/ReflectedXss.ql
+ql/go/ql/src/Security/CWE-089/SqlInjection.ql
+ql/go/ql/src/Security/CWE-089/StringBreak.ql
+ql/go/ql/src/Security/CWE-117/LogInjection.ql
+ql/go/ql/src/Security/CWE-190/AllocationSizeOverflow.ql
+ql/go/ql/src/Security/CWE-209/StackTraceExposure.ql
+ql/go/ql/src/Security/CWE-295/DisabledCertificateCheck.ql
+ql/go/ql/src/Security/CWE-312/CleartextLogging.ql
+ql/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql
+ql/go/ql/src/Security/CWE-326/InsufficientKeySize.ql
+ql/go/ql/src/Security/CWE-327/InsecureTLS.ql
+ql/go/ql/src/Security/CWE-338/InsecureRandomness.ql
+ql/go/ql/src/Security/CWE-347/MissingJwtSignatureCheck.ql
+ql/go/ql/src/Security/CWE-352/ConstantOauth2State.ql
+ql/go/ql/src/Security/CWE-601/BadRedirectCheck.ql
+ql/go/ql/src/Security/CWE-601/OpenUrlRedirect.ql
+ql/go/ql/src/Security/CWE-640/EmailInjection.ql
+ql/go/ql/src/Security/CWE-643/XPathInjection.ql
+ql/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql
+ql/go/ql/src/Security/CWE-770/UncontrolledAllocationSize.ql
+ql/go/ql/src/Security/CWE-798/HardcodedCredentials.ql
+ql/go/ql/src/Security/CWE-918/RequestForgery.ql
+ql/go/ql/src/Summary/LinesOfCode.ql
diff --git a/go/ql/integration-tests/query-suite/go-security-extended.qls.expected b/go/ql/integration-tests/query-suite/go-security-extended.qls.expected
new file mode 100644
index 000000000000..a206ef2364ab
--- /dev/null
+++ b/go/ql/integration-tests/query-suite/go-security-extended.qls.expected
@@ -0,0 +1,33 @@
+ql/go/ql/src/Diagnostics/ExtractionErrors.ql
+ql/go/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql
+ql/go/ql/src/Security/CWE-020/IncompleteHostnameRegexp.ql
+ql/go/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql
+ql/go/ql/src/Security/CWE-020/MissingRegexpAnchor.ql
+ql/go/ql/src/Security/CWE-020/SuspiciousCharacterInRegexp.ql
+ql/go/ql/src/Security/CWE-022/TaintedPath.ql
+ql/go/ql/src/Security/CWE-022/UnsafeUnzipSymlink.ql
+ql/go/ql/src/Security/CWE-022/ZipSlip.ql
+ql/go/ql/src/Security/CWE-078/CommandInjection.ql
+ql/go/ql/src/Security/CWE-079/ReflectedXss.ql
+ql/go/ql/src/Security/CWE-089/SqlInjection.ql
+ql/go/ql/src/Security/CWE-089/StringBreak.ql
+ql/go/ql/src/Security/CWE-117/LogInjection.ql
+ql/go/ql/src/Security/CWE-190/AllocationSizeOverflow.ql
+ql/go/ql/src/Security/CWE-209/StackTraceExposure.ql
+ql/go/ql/src/Security/CWE-295/DisabledCertificateCheck.ql
+ql/go/ql/src/Security/CWE-312/CleartextLogging.ql
+ql/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql
+ql/go/ql/src/Security/CWE-326/InsufficientKeySize.ql
+ql/go/ql/src/Security/CWE-327/InsecureTLS.ql
+ql/go/ql/src/Security/CWE-338/InsecureRandomness.ql
+ql/go/ql/src/Security/CWE-347/MissingJwtSignatureCheck.ql
+ql/go/ql/src/Security/CWE-352/ConstantOauth2State.ql
+ql/go/ql/src/Security/CWE-601/BadRedirectCheck.ql
+ql/go/ql/src/Security/CWE-601/OpenUrlRedirect.ql
+ql/go/ql/src/Security/CWE-640/EmailInjection.ql
+ql/go/ql/src/Security/CWE-643/XPathInjection.ql
+ql/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql
+ql/go/ql/src/Security/CWE-770/UncontrolledAllocationSize.ql
+ql/go/ql/src/Security/CWE-798/HardcodedCredentials.ql
+ql/go/ql/src/Security/CWE-918/RequestForgery.ql
+ql/go/ql/src/Summary/LinesOfCode.ql
diff --git a/go/ql/integration-tests/query-suite/not_included_in_qls.expected b/go/ql/integration-tests/query-suite/not_included_in_qls.expected
new file mode 100644
index 000000000000..751c76041a29
--- /dev/null
+++ b/go/ql/integration-tests/query-suite/not_included_in_qls.expected
@@ -0,0 +1,33 @@
+ql/go/ql/src/AlertSuppression.ql
+ql/go/ql/src/Metrics/FLinesOfCode.ql
+ql/go/ql/src/Metrics/FLinesOfComment.ql
+ql/go/ql/src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql
+ql/go/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql
+ql/go/ql/src/Security/CWE-020/UntrustedDataToUnknownExternalAPI.ql
+ql/go/ql/src/Security/CWE-078/StoredCommand.ql
+ql/go/ql/src/Security/CWE-079/StoredXss.ql
+ql/go/ql/src/definitions.ql
+ql/go/ql/src/experimental/CWE-090/LDAPInjection.ql
+ql/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql
+ql/go/ql/src/experimental/CWE-203/Timing.ql
+ql/go/ql/src/experimental/CWE-285/PamAuthBypass.ql
+ql/go/ql/src/experimental/CWE-287/ImproperLdapAuth.ql
+ql/go/ql/src/experimental/CWE-321-V2/HardCodedKeys.ql
+ql/go/ql/src/experimental/CWE-327/WeakCryptoAlgorithm.ql
+ql/go/ql/src/experimental/CWE-369/DivideByZero.ql
+ql/go/ql/src/experimental/CWE-400/DatabaseCallInLoop.ql
+ql/go/ql/src/experimental/CWE-522-DecompressionBombs/DecompressionBombs.ql
+ql/go/ql/src/experimental/CWE-525/WebCacheDeception.ql
+ql/go/ql/src/experimental/CWE-74/DsnInjection.ql
+ql/go/ql/src/experimental/CWE-74/DsnInjectionLocal.ql
+ql/go/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql
+ql/go/ql/src/experimental/CWE-807/SensitiveConditionBypass.ql
+ql/go/ql/src/experimental/CWE-840/ConditionalBypass.ql
+ql/go/ql/src/experimental/CWE-918/SSRF.ql
+ql/go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql
+ql/go/ql/src/experimental/InconsistentCode/DeferInLoop.ql
+ql/go/ql/src/experimental/InconsistentCode/GORMErrorNotChecked.ql
+ql/go/ql/src/experimental/IntegerOverflow/IntegerOverflow.ql
+ql/go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql
+ql/go/ql/src/filters/ClassifyFiles.ql
+ql/go/ql/src/meta/frameworks/Coverage.ql
diff --git a/go/ql/integration-tests/query-suite/test.py b/go/ql/integration-tests/query-suite/test.py
new file mode 100644
index 000000000000..d4c6f9f37099
--- /dev/null
+++ b/go/ql/integration-tests/query-suite/test.py
@@ -0,0 +1,14 @@
+import runs_on
+import pytest
+from query_suites import *
+
+well_known_query_suites = ['go-code-quality.qls', 'go-security-and-quality.qls', 'go-security-extended.qls', 'go-code-scanning.qls']
+
+@runs_on.posix
+@pytest.mark.parametrize("query_suite", well_known_query_suites)
+def test(codeql, go, check_query_suite, query_suite):
+    check_query_suite(query_suite)
+
+@runs_on.posix
+def test_not_included_queries(codeql, go, check_queries_not_included):
+    check_queries_not_included('go', well_known_query_suites)
diff --git a/javascript/ql/integration-tests/query-suite/javascript-code-quality.qls.expected b/javascript/ql/integration-tests/query-suite/javascript-code-quality.qls.expected
new file mode 100644
index 000000000000..e4620badfc82
--- /dev/null
+++ b/javascript/ql/integration-tests/query-suite/javascript-code-quality.qls.expected
@@ -0,0 +1,5 @@
+ql/javascript/ql/src/Declarations/IneffectiveParameterType.ql
+ql/javascript/ql/src/Expressions/ExprHasNoEffect.ql
+ql/javascript/ql/src/Expressions/MissingAwait.ql
+ql/javascript/ql/src/LanguageFeatures/SpuriousArguments.ql
+ql/javascript/ql/src/RegExp/RegExpAlwaysMatches.ql
diff --git a/javascript/ql/integration-tests/query-suite/javascript-code-scanning.qls.expected b/javascript/ql/integration-tests/query-suite/javascript-code-scanning.qls.expected
new file mode 100644
index 000000000000..7f7ab7aa326d
--- /dev/null
+++ b/javascript/ql/integration-tests/query-suite/javascript-code-scanning.qls.expected
@@ -0,0 +1,90 @@
+ql/javascript/ql/src/AngularJS/DisablingSce.ql
+ql/javascript/ql/src/AngularJS/DoubleCompilation.ql
+ql/javascript/ql/src/AngularJS/InsecureUrlWhitelist.ql
+ql/javascript/ql/src/Diagnostics/ExtractedFiles.ql
+ql/javascript/ql/src/Diagnostics/ExtractionErrors.ql
+ql/javascript/ql/src/Electron/AllowRunningInsecureContent.ql
+ql/javascript/ql/src/Electron/DisablingWebSecurity.ql
+ql/javascript/ql/src/Performance/PolynomialReDoS.ql
+ql/javascript/ql/src/Performance/ReDoS.ql
+ql/javascript/ql/src/RegExp/IdentityReplacement.ql
+ql/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
+ql/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql
+ql/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql
+ql/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql
+ql/javascript/ql/src/Security/CWE-020/OverlyLargeRange.ql
+ql/javascript/ql/src/Security/CWE-020/UselessRegExpCharacterEscape.ql
+ql/javascript/ql/src/Security/CWE-022/TaintedPath.ql
+ql/javascript/ql/src/Security/CWE-022/ZipSlip.ql
+ql/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql
+ql/javascript/ql/src/Security/CWE-078/CommandInjection.ql
+ql/javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.ql
+ql/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql
+ql/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql
+ql/javascript/ql/src/Security/CWE-078/UselessUseOfCat.ql
+ql/javascript/ql/src/Security/CWE-079/ExceptionXss.ql
+ql/javascript/ql/src/Security/CWE-079/ReflectedXss.ql
+ql/javascript/ql/src/Security/CWE-079/StoredXss.ql
+ql/javascript/ql/src/Security/CWE-079/UnsafeHtmlConstruction.ql
+ql/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql
+ql/javascript/ql/src/Security/CWE-079/Xss.ql
+ql/javascript/ql/src/Security/CWE-079/XssThroughDom.ql
+ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql
+ql/javascript/ql/src/Security/CWE-094/CodeInjection.ql
+ql/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql
+ql/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql
+ql/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql
+ql/javascript/ql/src/Security/CWE-1004/ClientExposedCookie.ql
+ql/javascript/ql/src/Security/CWE-116/BadTagFilter.ql
+ql/javascript/ql/src/Security/CWE-116/DoubleEscaping.ql
+ql/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql
+ql/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.ql
+ql/javascript/ql/src/Security/CWE-116/IncompleteSanitization.ql
+ql/javascript/ql/src/Security/CWE-116/UnsafeHtmlExpansion.ql
+ql/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql
+ql/javascript/ql/src/Security/CWE-178/CaseSensitiveMiddlewarePath.ql
+ql/javascript/ql/src/Security/CWE-200/PrivateFileExposure.ql
+ql/javascript/ql/src/Security/CWE-201/PostMessageStar.ql
+ql/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql
+ql/javascript/ql/src/Security/CWE-295/DisablingCertificateValidation.ql
+ql/javascript/ql/src/Security/CWE-300/InsecureDependencyResolution.ql
+ql/javascript/ql/src/Security/CWE-312/ActionsArtifactLeak.ql
+ql/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql
+ql/javascript/ql/src/Security/CWE-312/CleartextLogging.ql
+ql/javascript/ql/src/Security/CWE-312/CleartextStorage.ql
+ql/javascript/ql/src/Security/CWE-326/InsufficientKeySize.ql
+ql/javascript/ql/src/Security/CWE-327/BadRandomness.ql
+ql/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql
+ql/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql
+ql/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql
+ql/javascript/ql/src/Security/CWE-347/MissingJWTKeyVerification.ql
+ql/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql
+ql/javascript/ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql
+ql/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql
+ql/javascript/ql/src/Security/CWE-598/SensitiveGetQuery.ql
+ql/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql
+ql/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql
+ql/javascript/ql/src/Security/CWE-611/Xxe.ql
+ql/javascript/ql/src/Security/CWE-614/ClearTextCookie.ql
+ql/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql
+ql/javascript/ql/src/Security/CWE-643/XpathInjection.ql
+ql/javascript/ql/src/Security/CWE-693/InsecureHelmet.ql
+ql/javascript/ql/src/Security/CWE-730/RegExpInjection.ql
+ql/javascript/ql/src/Security/CWE-730/ServerCrash.ql
+ql/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql
+ql/javascript/ql/src/Security/CWE-770/MissingRateLimiting.ql
+ql/javascript/ql/src/Security/CWE-770/ResourceExhaustion.ql
+ql/javascript/ql/src/Security/CWE-776/XmlBomb.ql
+ql/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql
+ql/javascript/ql/src/Security/CWE-829/InsecureDownload.ql
+ql/javascript/ql/src/Security/CWE-830/FunctionalityFromUntrustedDomain.ql
+ql/javascript/ql/src/Security/CWE-830/FunctionalityFromUntrustedSource.ql
+ql/javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql
+ql/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql
+ql/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql
+ql/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql
+ql/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql
+ql/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql
+ql/javascript/ql/src/Security/CWE-918/RequestForgery.ql
+ql/javascript/ql/src/Summary/LinesOfCode.ql
+ql/javascript/ql/src/Summary/LinesOfUserCode.ql
diff --git a/javascript/ql/integration-tests/query-suite/javascript-security-and-quality.qls.expected b/javascript/ql/integration-tests/query-suite/javascript-security-and-quality.qls.expected
new file mode 100644
index 000000000000..63f6629f7bfd
--- /dev/null
+++ b/javascript/ql/integration-tests/query-suite/javascript-security-and-quality.qls.expected
@@ -0,0 +1,205 @@
+ql/javascript/ql/src/AngularJS/DependencyMismatch.ql
+ql/javascript/ql/src/AngularJS/DisablingSce.ql
+ql/javascript/ql/src/AngularJS/DoubleCompilation.ql
+ql/javascript/ql/src/AngularJS/DuplicateDependency.ql
+ql/javascript/ql/src/AngularJS/IncompatibleService.ql
+ql/javascript/ql/src/AngularJS/InsecureUrlWhitelist.ql
+ql/javascript/ql/src/AngularJS/MissingExplicitInjection.ql
+ql/javascript/ql/src/AngularJS/RepeatedInjection.ql
+ql/javascript/ql/src/AngularJS/UseNgSrc.ql
+ql/javascript/ql/src/DOM/DuplicateAttributes.ql
+ql/javascript/ql/src/DOM/MalformedIdAttribute.ql
+ql/javascript/ql/src/DOM/PseudoEval.ql
+ql/javascript/ql/src/Declarations/ArgumentsRedefined.ql
+ql/javascript/ql/src/Declarations/AssignmentToConst.ql
+ql/javascript/ql/src/Declarations/ClobberingVarInit.ql
+ql/javascript/ql/src/Declarations/ConflictingFunctions.ql
+ql/javascript/ql/src/Declarations/DeadStoreOfLocal.ql
+ql/javascript/ql/src/Declarations/DeadStoreOfProperty.ql
+ql/javascript/ql/src/Declarations/DeclBeforeUse.ql
+ql/javascript/ql/src/Declarations/DefaultArgumentReferencesNestedFunction.ql
+ql/javascript/ql/src/Declarations/DuplicateVarDecl.ql
+ql/javascript/ql/src/Declarations/IneffectiveParameterType.ql
+ql/javascript/ql/src/Declarations/MissingThisQualifier.ql
+ql/javascript/ql/src/Declarations/MissingVarDecl.ql
+ql/javascript/ql/src/Declarations/MixedStaticInstanceThisAccess.ql
+ql/javascript/ql/src/Declarations/SuspiciousMethodNameDeclaration.ql
+ql/javascript/ql/src/Declarations/TemporalDeadZone.ql
+ql/javascript/ql/src/Declarations/UniqueParameterNames.ql
+ql/javascript/ql/src/Declarations/UniquePropertyNames.ql
+ql/javascript/ql/src/Declarations/UnreachableMethodOverloads.ql
+ql/javascript/ql/src/Declarations/UnusedVariable.ql
+ql/javascript/ql/src/Diagnostics/ExtractedFiles.ql
+ql/javascript/ql/src/Diagnostics/ExtractionErrors.ql
+ql/javascript/ql/src/Electron/AllowRunningInsecureContent.ql
+ql/javascript/ql/src/Electron/DisablingWebSecurity.ql
+ql/javascript/ql/src/Expressions/ComparisonWithNaN.ql
+ql/javascript/ql/src/Expressions/DuplicateCondition.ql
+ql/javascript/ql/src/Expressions/DuplicateProperty.ql
+ql/javascript/ql/src/Expressions/DuplicateSwitchCase.ql
+ql/javascript/ql/src/Expressions/ExprHasNoEffect.ql
+ql/javascript/ql/src/Expressions/HeterogeneousComparison.ql
+ql/javascript/ql/src/Expressions/ImplicitOperandConversion.ql
+ql/javascript/ql/src/Expressions/MissingAwait.ql
+ql/javascript/ql/src/Expressions/MissingDotLengthInComparison.ql
+ql/javascript/ql/src/Expressions/MissingSpaceInAppend.ql
+ql/javascript/ql/src/Expressions/MisspelledVariableName.ql
+ql/javascript/ql/src/Expressions/RedundantExpression.ql
+ql/javascript/ql/src/Expressions/SelfAssignment.ql
+ql/javascript/ql/src/Expressions/ShiftOutOfRange.ql
+ql/javascript/ql/src/Expressions/StringInsteadOfRegex.ql
+ql/javascript/ql/src/Expressions/SuspiciousInvocation.ql
+ql/javascript/ql/src/Expressions/SuspiciousPropAccess.ql
+ql/javascript/ql/src/Expressions/UnboundEventHandlerReceiver.ql
+ql/javascript/ql/src/Expressions/UnclearOperatorPrecedence.ql
+ql/javascript/ql/src/Expressions/UnknownDirective.ql
+ql/javascript/ql/src/Expressions/UnneededDefensiveProgramming.ql
+ql/javascript/ql/src/Expressions/WhitespaceContradictsPrecedence.ql
+ql/javascript/ql/src/LanguageFeatures/BadTypeof.ql
+ql/javascript/ql/src/LanguageFeatures/ConditionalComments.ql
+ql/javascript/ql/src/LanguageFeatures/DeleteVar.ql
+ql/javascript/ql/src/LanguageFeatures/ExpressionClosures.ql
+ql/javascript/ql/src/LanguageFeatures/ForInComprehensionBlocks.ql
+ql/javascript/ql/src/LanguageFeatures/IllegalInvocation.ql
+ql/javascript/ql/src/LanguageFeatures/InconsistentNew.ql
+ql/javascript/ql/src/LanguageFeatures/InvalidPrototype.ql
+ql/javascript/ql/src/LanguageFeatures/LengthComparisonOffByOne.ql
+ql/javascript/ql/src/LanguageFeatures/NonLinearPattern.ql
+ql/javascript/ql/src/LanguageFeatures/PropertyWriteOnPrimitive.ql
+ql/javascript/ql/src/LanguageFeatures/SemicolonInsertion.ql
+ql/javascript/ql/src/LanguageFeatures/SetterReturn.ql
+ql/javascript/ql/src/LanguageFeatures/SpuriousArguments.ql
+ql/javascript/ql/src/LanguageFeatures/StrictModeCallStackIntrospection.ql
+ql/javascript/ql/src/LanguageFeatures/SyntaxError.ql
+ql/javascript/ql/src/LanguageFeatures/TemplateSyntaxInStringLiteral.ql
+ql/javascript/ql/src/LanguageFeatures/ThisBeforeSuper.ql
+ql/javascript/ql/src/LanguageFeatures/UnusedIndexVariable.ql
+ql/javascript/ql/src/LanguageFeatures/WithStatement.ql
+ql/javascript/ql/src/LanguageFeatures/YieldInNonGenerator.ql
+ql/javascript/ql/src/NodeJS/InvalidExport.ql
+ql/javascript/ql/src/NodeJS/MissingExports.ql
+ql/javascript/ql/src/Performance/PolynomialReDoS.ql
+ql/javascript/ql/src/Performance/ReDoS.ql
+ql/javascript/ql/src/React/DirectStateMutation.ql
+ql/javascript/ql/src/React/InconsistentStateUpdate.ql
+ql/javascript/ql/src/React/UnsupportedStateUpdateInLifecycleMethod.ql
+ql/javascript/ql/src/React/UnusedOrUndefinedStateProperty.ql
+ql/javascript/ql/src/RegExp/BackrefBeforeGroup.ql
+ql/javascript/ql/src/RegExp/BackrefIntoNegativeLookahead.ql
+ql/javascript/ql/src/RegExp/DuplicateCharacterInCharacterClass.ql
+ql/javascript/ql/src/RegExp/EmptyCharacterClass.ql
+ql/javascript/ql/src/RegExp/IdentityReplacement.ql
+ql/javascript/ql/src/RegExp/RegExpAlwaysMatches.ql
+ql/javascript/ql/src/RegExp/UnboundBackref.ql
+ql/javascript/ql/src/RegExp/UnmatchableCaret.ql
+ql/javascript/ql/src/RegExp/UnmatchableDollar.ql
+ql/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
+ql/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql
+ql/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql
+ql/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql
+ql/javascript/ql/src/Security/CWE-020/MissingOriginCheck.ql
+ql/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql
+ql/javascript/ql/src/Security/CWE-020/OverlyLargeRange.ql
+ql/javascript/ql/src/Security/CWE-020/UselessRegExpCharacterEscape.ql
+ql/javascript/ql/src/Security/CWE-022/TaintedPath.ql
+ql/javascript/ql/src/Security/CWE-022/ZipSlip.ql
+ql/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql
+ql/javascript/ql/src/Security/CWE-078/CommandInjection.ql
+ql/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql
+ql/javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.ql
+ql/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql
+ql/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql
+ql/javascript/ql/src/Security/CWE-078/UselessUseOfCat.ql
+ql/javascript/ql/src/Security/CWE-079/ExceptionXss.ql
+ql/javascript/ql/src/Security/CWE-079/ReflectedXss.ql
+ql/javascript/ql/src/Security/CWE-079/StoredXss.ql
+ql/javascript/ql/src/Security/CWE-079/UnsafeHtmlConstruction.ql
+ql/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql
+ql/javascript/ql/src/Security/CWE-079/Xss.ql
+ql/javascript/ql/src/Security/CWE-079/XssThroughDom.ql
+ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql
+ql/javascript/ql/src/Security/CWE-094/CodeInjection.ql
+ql/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql
+ql/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql
+ql/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql
+ql/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql
+ql/javascript/ql/src/Security/CWE-1004/ClientExposedCookie.ql
+ql/javascript/ql/src/Security/CWE-116/BadTagFilter.ql
+ql/javascript/ql/src/Security/CWE-116/DoubleEscaping.ql
+ql/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql
+ql/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.ql
+ql/javascript/ql/src/Security/CWE-116/IncompleteSanitization.ql
+ql/javascript/ql/src/Security/CWE-116/UnsafeHtmlExpansion.ql
+ql/javascript/ql/src/Security/CWE-117/LogInjection.ql
+ql/javascript/ql/src/Security/CWE-1275/SameSiteNoneCookie.ql
+ql/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql
+ql/javascript/ql/src/Security/CWE-178/CaseSensitiveMiddlewarePath.ql
+ql/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
+ql/javascript/ql/src/Security/CWE-200/PrivateFileExposure.ql
+ql/javascript/ql/src/Security/CWE-201/PostMessageStar.ql
+ql/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql
+ql/javascript/ql/src/Security/CWE-295/DisablingCertificateValidation.ql
+ql/javascript/ql/src/Security/CWE-300/InsecureDependencyResolution.ql
+ql/javascript/ql/src/Security/CWE-312/ActionsArtifactLeak.ql
+ql/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql
+ql/javascript/ql/src/Security/CWE-312/CleartextLogging.ql
+ql/javascript/ql/src/Security/CWE-312/CleartextStorage.ql
+ql/javascript/ql/src/Security/CWE-313/PasswordInConfigurationFile.ql
+ql/javascript/ql/src/Security/CWE-326/InsufficientKeySize.ql
+ql/javascript/ql/src/Security/CWE-327/BadRandomness.ql
+ql/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql
+ql/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql
+ql/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql
+ql/javascript/ql/src/Security/CWE-347/MissingJWTKeyVerification.ql
+ql/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql
+ql/javascript/ql/src/Security/CWE-367/FileSystemRace.ql
+ql/javascript/ql/src/Security/CWE-377/InsecureTemporaryFile.ql
+ql/javascript/ql/src/Security/CWE-384/SessionFixation.ql
+ql/javascript/ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql
+ql/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql
+ql/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql
+ql/javascript/ql/src/Security/CWE-506/HardcodedDataInterpretedAsCode.ql
+ql/javascript/ql/src/Security/CWE-598/SensitiveGetQuery.ql
+ql/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql
+ql/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql
+ql/javascript/ql/src/Security/CWE-611/Xxe.ql
+ql/javascript/ql/src/Security/CWE-614/ClearTextCookie.ql
+ql/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql
+ql/javascript/ql/src/Security/CWE-643/XpathInjection.ql
+ql/javascript/ql/src/Security/CWE-693/InsecureHelmet.ql
+ql/javascript/ql/src/Security/CWE-730/RegExpInjection.ql
+ql/javascript/ql/src/Security/CWE-730/ServerCrash.ql
+ql/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql
+ql/javascript/ql/src/Security/CWE-770/MissingRateLimiting.ql
+ql/javascript/ql/src/Security/CWE-770/ResourceExhaustion.ql
+ql/javascript/ql/src/Security/CWE-776/XmlBomb.ql
+ql/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql
+ql/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql
+ql/javascript/ql/src/Security/CWE-829/InsecureDownload.ql
+ql/javascript/ql/src/Security/CWE-830/FunctionalityFromUntrustedDomain.ql
+ql/javascript/ql/src/Security/CWE-830/FunctionalityFromUntrustedSource.ql
+ql/javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql
+ql/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql
+ql/javascript/ql/src/Security/CWE-862/EmptyPasswordInConfigurationFile.ql
+ql/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql
+ql/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql
+ql/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql
+ql/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql
+ql/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql
+ql/javascript/ql/src/Security/CWE-918/ClientSideRequestForgery.ql
+ql/javascript/ql/src/Security/CWE-918/RequestForgery.ql
+ql/javascript/ql/src/Statements/DanglingElse.ql
+ql/javascript/ql/src/Statements/IgnoreArrayResult.ql
+ql/javascript/ql/src/Statements/InconsistentLoopOrientation.ql
+ql/javascript/ql/src/Statements/LabelInCase.ql
+ql/javascript/ql/src/Statements/LoopIterationSkippedDueToShifting.ql
+ql/javascript/ql/src/Statements/MisleadingIndentationAfterControlStmt.ql
+ql/javascript/ql/src/Statements/ReturnAssignsLocal.ql
+ql/javascript/ql/src/Statements/SuspiciousUnusedLoopIterationVariable.ql
+ql/javascript/ql/src/Statements/UnreachableStatement.ql
+ql/javascript/ql/src/Statements/UseOfReturnlessFunction.ql
+ql/javascript/ql/src/Statements/UselessComparisonTest.ql
+ql/javascript/ql/src/Statements/UselessConditional.ql
+ql/javascript/ql/src/Summary/LinesOfCode.ql
+ql/javascript/ql/src/Summary/LinesOfUserCode.ql
+ql/javascript/ql/src/Vue/ArrowMethodOnVueInstance.ql
diff --git a/javascript/ql/integration-tests/query-suite/javascript-security-extended.qls.expected b/javascript/ql/integration-tests/query-suite/javascript-security-extended.qls.expected
new file mode 100644
index 000000000000..29ae7fd6939e
--- /dev/null
+++ b/javascript/ql/integration-tests/query-suite/javascript-security-extended.qls.expected
@@ -0,0 +1,107 @@
+ql/javascript/ql/src/AngularJS/DisablingSce.ql
+ql/javascript/ql/src/AngularJS/DoubleCompilation.ql
+ql/javascript/ql/src/AngularJS/InsecureUrlWhitelist.ql
+ql/javascript/ql/src/Diagnostics/ExtractedFiles.ql
+ql/javascript/ql/src/Diagnostics/ExtractionErrors.ql
+ql/javascript/ql/src/Electron/AllowRunningInsecureContent.ql
+ql/javascript/ql/src/Electron/DisablingWebSecurity.ql
+ql/javascript/ql/src/Performance/PolynomialReDoS.ql
+ql/javascript/ql/src/Performance/ReDoS.ql
+ql/javascript/ql/src/RegExp/IdentityReplacement.ql
+ql/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
+ql/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql
+ql/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql
+ql/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql
+ql/javascript/ql/src/Security/CWE-020/MissingOriginCheck.ql
+ql/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql
+ql/javascript/ql/src/Security/CWE-020/OverlyLargeRange.ql
+ql/javascript/ql/src/Security/CWE-020/UselessRegExpCharacterEscape.ql
+ql/javascript/ql/src/Security/CWE-022/TaintedPath.ql
+ql/javascript/ql/src/Security/CWE-022/ZipSlip.ql
+ql/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql
+ql/javascript/ql/src/Security/CWE-078/CommandInjection.ql
+ql/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql
+ql/javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.ql
+ql/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql
+ql/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql
+ql/javascript/ql/src/Security/CWE-078/UselessUseOfCat.ql
+ql/javascript/ql/src/Security/CWE-079/ExceptionXss.ql
+ql/javascript/ql/src/Security/CWE-079/ReflectedXss.ql
+ql/javascript/ql/src/Security/CWE-079/StoredXss.ql
+ql/javascript/ql/src/Security/CWE-079/UnsafeHtmlConstruction.ql
+ql/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql
+ql/javascript/ql/src/Security/CWE-079/Xss.ql
+ql/javascript/ql/src/Security/CWE-079/XssThroughDom.ql
+ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql
+ql/javascript/ql/src/Security/CWE-094/CodeInjection.ql
+ql/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql
+ql/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql
+ql/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql
+ql/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql
+ql/javascript/ql/src/Security/CWE-1004/ClientExposedCookie.ql
+ql/javascript/ql/src/Security/CWE-116/BadTagFilter.ql
+ql/javascript/ql/src/Security/CWE-116/DoubleEscaping.ql
+ql/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql
+ql/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.ql
+ql/javascript/ql/src/Security/CWE-116/IncompleteSanitization.ql
+ql/javascript/ql/src/Security/CWE-116/UnsafeHtmlExpansion.ql
+ql/javascript/ql/src/Security/CWE-117/LogInjection.ql
+ql/javascript/ql/src/Security/CWE-1275/SameSiteNoneCookie.ql
+ql/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql
+ql/javascript/ql/src/Security/CWE-178/CaseSensitiveMiddlewarePath.ql
+ql/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
+ql/javascript/ql/src/Security/CWE-200/PrivateFileExposure.ql
+ql/javascript/ql/src/Security/CWE-201/PostMessageStar.ql
+ql/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql
+ql/javascript/ql/src/Security/CWE-295/DisablingCertificateValidation.ql
+ql/javascript/ql/src/Security/CWE-300/InsecureDependencyResolution.ql
+ql/javascript/ql/src/Security/CWE-312/ActionsArtifactLeak.ql
+ql/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql
+ql/javascript/ql/src/Security/CWE-312/CleartextLogging.ql
+ql/javascript/ql/src/Security/CWE-312/CleartextStorage.ql
+ql/javascript/ql/src/Security/CWE-313/PasswordInConfigurationFile.ql
+ql/javascript/ql/src/Security/CWE-326/InsufficientKeySize.ql
+ql/javascript/ql/src/Security/CWE-327/BadRandomness.ql
+ql/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql
+ql/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql
+ql/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql
+ql/javascript/ql/src/Security/CWE-347/MissingJWTKeyVerification.ql
+ql/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql
+ql/javascript/ql/src/Security/CWE-367/FileSystemRace.ql
+ql/javascript/ql/src/Security/CWE-377/InsecureTemporaryFile.ql
+ql/javascript/ql/src/Security/CWE-384/SessionFixation.ql
+ql/javascript/ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql
+ql/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql
+ql/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql
+ql/javascript/ql/src/Security/CWE-506/HardcodedDataInterpretedAsCode.ql
+ql/javascript/ql/src/Security/CWE-598/SensitiveGetQuery.ql
+ql/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql
+ql/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql
+ql/javascript/ql/src/Security/CWE-611/Xxe.ql
+ql/javascript/ql/src/Security/CWE-614/ClearTextCookie.ql
+ql/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql
+ql/javascript/ql/src/Security/CWE-643/XpathInjection.ql
+ql/javascript/ql/src/Security/CWE-693/InsecureHelmet.ql
+ql/javascript/ql/src/Security/CWE-730/RegExpInjection.ql
+ql/javascript/ql/src/Security/CWE-730/ServerCrash.ql
+ql/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql
+ql/javascript/ql/src/Security/CWE-770/MissingRateLimiting.ql
+ql/javascript/ql/src/Security/CWE-770/ResourceExhaustion.ql
+ql/javascript/ql/src/Security/CWE-776/XmlBomb.ql
+ql/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql
+ql/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql
+ql/javascript/ql/src/Security/CWE-829/InsecureDownload.ql
+ql/javascript/ql/src/Security/CWE-830/FunctionalityFromUntrustedDomain.ql
+ql/javascript/ql/src/Security/CWE-830/FunctionalityFromUntrustedSource.ql
+ql/javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql
+ql/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql
+ql/javascript/ql/src/Security/CWE-862/EmptyPasswordInConfigurationFile.ql
+ql/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql
+ql/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql
+ql/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql
+ql/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql
+ql/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql
+ql/javascript/ql/src/Security/CWE-918/ClientSideRequestForgery.ql
+ql/javascript/ql/src/Security/CWE-918/RequestForgery.ql
+ql/javascript/ql/src/Summary/LinesOfCode.ql
+ql/javascript/ql/src/Summary/LinesOfUserCode.ql
diff --git a/javascript/ql/integration-tests/query-suite/not_included_in_qls.expected b/javascript/ql/integration-tests/query-suite/not_included_in_qls.expected
new file mode 100644
index 000000000000..a6c808c6cbfb
--- /dev/null
+++ b/javascript/ql/integration-tests/query-suite/not_included_in_qls.expected
@@ -0,0 +1,148 @@
+ql/javascript/ql/src/AlertSuppression.ql
+ql/javascript/ql/src/AngularJS/DeadAngularJSEventListener.ql
+ql/javascript/ql/src/AngularJS/UnusedAngularDependency.ql
+ql/javascript/ql/src/Comments/CommentedOutCode.ql
+ql/javascript/ql/src/Comments/FCommentedOutCode.ql
+ql/javascript/ql/src/Comments/TodoComments.ql
+ql/javascript/ql/src/DOM/Alert.ql
+ql/javascript/ql/src/DOM/AmbiguousIdAttribute.ql
+ql/javascript/ql/src/DOM/ConflictingAttributes.ql
+ql/javascript/ql/src/DOM/TargetBlank.ql
+ql/javascript/ql/src/Declarations/DeadStoreOfGlobal.ql
+ql/javascript/ql/src/Declarations/RedeclaredVariable.ql
+ql/javascript/ql/src/Declarations/TooManyParameters.ql
+ql/javascript/ql/src/Declarations/UnstableCyclicImport.ql
+ql/javascript/ql/src/Declarations/UnusedParameter.ql
+ql/javascript/ql/src/Declarations/UnusedProperty.ql
+ql/javascript/ql/src/Electron/EnablingNodeIntegration.ql
+ql/javascript/ql/src/Expressions/BitwiseSignCheck.ql
+ql/javascript/ql/src/Expressions/CompareIdenticalValues.ql
+ql/javascript/ql/src/Expressions/MisspelledIdentifier.ql
+ql/javascript/ql/src/JSDoc/BadParamTag.ql
+ql/javascript/ql/src/JSDoc/JSDocForNonExistentParameter.ql
+ql/javascript/ql/src/JSDoc/UndocumentedParameter.ql
+ql/javascript/ql/src/LanguageFeatures/ArgumentsCallerCallee.ql
+ql/javascript/ql/src/LanguageFeatures/DebuggerStatement.ql
+ql/javascript/ql/src/LanguageFeatures/EmptyArrayInit.ql
+ql/javascript/ql/src/LanguageFeatures/Eval.ql
+ql/javascript/ql/src/LanguageFeatures/JumpFromFinally.ql
+ql/javascript/ql/src/LanguageFeatures/SetterIgnoresParameter.ql
+ql/javascript/ql/src/LanguageFeatures/WrongExtensionJSON.ql
+ql/javascript/ql/src/Metrics/Dependencies/ExternalDependencies.ql
+ql/javascript/ql/src/Metrics/Dependencies/ExternalDependenciesSourceLinks.ql
+ql/javascript/ql/src/Metrics/FCommentRatio.ql
+ql/javascript/ql/src/Metrics/FCyclomaticComplexity.ql
+ql/javascript/ql/src/Metrics/FFunctions.ql
+ql/javascript/ql/src/Metrics/FLines.ql
+ql/javascript/ql/src/Metrics/FLinesOfCode.ql
+ql/javascript/ql/src/Metrics/FLinesOfComment.ql
+ql/javascript/ql/src/Metrics/FLinesOfDuplicatedCode.ql
+ql/javascript/ql/src/Metrics/FLinesOfSimilarCode.ql
+ql/javascript/ql/src/Metrics/FNumberOfStatements.ql
+ql/javascript/ql/src/Metrics/FNumberOfTests.ql
+ql/javascript/ql/src/Metrics/FUseOfES6.ql
+ql/javascript/ql/src/Metrics/FunCyclomaticComplexity.ql
+ql/javascript/ql/src/Metrics/FunLinesOfCode.ql
+ql/javascript/ql/src/NodeJS/CyclicImport.ql
+ql/javascript/ql/src/NodeJS/DubiousImport.ql
+ql/javascript/ql/src/NodeJS/UnresolvableImport.ql
+ql/javascript/ql/src/NodeJS/UnusedDependency.ql
+ql/javascript/ql/src/Performance/NonLocalForIn.ql
+ql/javascript/ql/src/Performance/ReassignParameterAndUseArguments.ql
+ql/javascript/ql/src/RegExp/BackspaceEscape.ql
+ql/javascript/ql/src/RegExp/MalformedRegExp.ql
+ql/javascript/ql/src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql
+ql/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql
+ql/javascript/ql/src/Security/CWE-451/MissingXFrameOptions.ql
+ql/javascript/ql/src/Security/CWE-807/DifferentKindsComparisonBypass.ql
+ql/javascript/ql/src/Security/trest/test.ql
+ql/javascript/ql/src/Statements/EphemeralLoop.ql
+ql/javascript/ql/src/Statements/ImplicitReturn.ql
+ql/javascript/ql/src/Statements/InconsistentReturn.ql
+ql/javascript/ql/src/Statements/NestedLoopsSameVariable.ql
+ql/javascript/ql/src/Statements/ReturnOutsideFunction.ql
+ql/javascript/ql/src/Summary/TaintSinks.ql
+ql/javascript/ql/src/Summary/TaintSources.ql
+ql/javascript/ql/src/definitions.ql
+ql/javascript/ql/src/experimental/Security/CWE-094-dataURL/CodeInjection.ql
+ql/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql
+ql/javascript/ql/src/experimental/Security/CWE-099/EnvValueAndKeyInjection.ql
+ql/javascript/ql/src/experimental/Security/CWE-099/EnvValueInjection.ql
+ql/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql
+ql/javascript/ql/src/experimental/Security/CWE-347/decodeJwtWithoutVerification.ql
+ql/javascript/ql/src/experimental/Security/CWE-347/decodeJwtWithoutVerificationLocalSource.ql
+ql/javascript/ql/src/experimental/Security/CWE-444/InsecureHttpParser.ql
+ql/javascript/ql/src/experimental/Security/CWE-522-DecompressionBombs/DecompressionBombs.ql
+ql/javascript/ql/src/experimental/Security/CWE-918/SSRF.ql
+ql/javascript/ql/src/experimental/Security/CWE-942/CorsPermissiveConfiguration.ql
+ql/javascript/ql/src/experimental/StandardLibrary/MultipleArgumentsToSetConstructor.ql
+ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql
+ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-078/CommandInjection.ql
+ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-079/Xss.ql
+ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql
+ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-094/CodeInjection.ql
+ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-117/LogInjection.ql
+ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-134/TaintedFormatString.ql
+ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql
+ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-400/RemotePropertyInjection.ql
+ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-502/UnsafeDeserialization.ql
+ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-611/Xxe.ql
+ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-643/XpathInjection.ql
+ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-730/RegExpInjection.ql
+ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-770/ResourceExhaustion.ql
+ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-776/XmlBomb.ql
+ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-807/ConditionalBypass.ql
+ql/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql
+ql/javascript/ql/src/external/DuplicateFunction.ql
+ql/javascript/ql/src/external/DuplicateToplevel.ql
+ql/javascript/ql/src/external/SimilarFunction.ql
+ql/javascript/ql/src/external/SimilarToplevel.ql
+ql/javascript/ql/src/filters/ClassifyFiles.ql
+ql/javascript/ql/src/meta/ApiGraphs/ApiGraphEdges.ql
+ql/javascript/ql/src/meta/ApiGraphs/ApiGraphNodes.ql
+ql/javascript/ql/src/meta/ApiGraphs/ApiGraphPointsToEdges.ql
+ql/javascript/ql/src/meta/ApiGraphs/ApiGraphRhsNodes.ql
+ql/javascript/ql/src/meta/ApiGraphs/ApiGraphUseNodes.ql
+ql/javascript/ql/src/meta/Consistency.ql
+ql/javascript/ql/src/meta/SSA/DeadDef.ql
+ql/javascript/ql/src/meta/SSA/Dominance.ql
+ql/javascript/ql/src/meta/SSA/MultipleDefs.ql
+ql/javascript/ql/src/meta/SSA/MultipleRefinementInputs.ql
+ql/javascript/ql/src/meta/SSA/NoDefs.ql
+ql/javascript/ql/src/meta/SSA/NoPhiInputs.ql
+ql/javascript/ql/src/meta/SSA/NoRefinementInputs.ql
+ql/javascript/ql/src/meta/SSA/SinglePhiInput.ql
+ql/javascript/ql/src/meta/alerts/CallGraph.ql
+ql/javascript/ql/src/meta/alerts/ImportGraph.ql
+ql/javascript/ql/src/meta/alerts/LibraryInputs.ql
+ql/javascript/ql/src/meta/alerts/TaintSinks.ql
+ql/javascript/ql/src/meta/alerts/TaintSources.ql
+ql/javascript/ql/src/meta/alerts/TaintedNodes.ql
+ql/javascript/ql/src/meta/alerts/ThreatModelSources.ql
+ql/javascript/ql/src/meta/analysis-quality/CalledFunctionCandidates.ql
+ql/javascript/ql/src/meta/analysis-quality/CalledFunctionRatio.ql
+ql/javascript/ql/src/meta/analysis-quality/CalledFunctions.ql
+ql/javascript/ql/src/meta/analysis-quality/DomValueRefs.ql
+ql/javascript/ql/src/meta/analysis-quality/NumModules.ql
+ql/javascript/ql/src/meta/analysis-quality/ResolvableCallCandidates.ql
+ql/javascript/ql/src/meta/analysis-quality/ResolvableCallRatio.ql
+ql/javascript/ql/src/meta/analysis-quality/ResolvableCalls.ql
+ql/javascript/ql/src/meta/analysis-quality/ResolvableImports.ql
+ql/javascript/ql/src/meta/analysis-quality/RouteHandlers.ql
+ql/javascript/ql/src/meta/analysis-quality/SanitizersReachableFromSource.ql
+ql/javascript/ql/src/meta/analysis-quality/SinksReachableFromSanitizer.ql
+ql/javascript/ql/src/meta/analysis-quality/TaintSinks.ql
+ql/javascript/ql/src/meta/analysis-quality/TaintSources.ql
+ql/javascript/ql/src/meta/analysis-quality/TaintSteps.ql
+ql/javascript/ql/src/meta/analysis-quality/TaintedNodes.ql
+ql/javascript/ql/src/meta/analysis-quality/UncalledFunctions.ql
+ql/javascript/ql/src/meta/analysis-quality/UnmodelledSteps.ql
+ql/javascript/ql/src/meta/analysis-quality/UnpromotedRouteHandlerCandidate.ql
+ql/javascript/ql/src/meta/analysis-quality/UnpromotedRouteSetupCandidate.ql
+ql/javascript/ql/src/meta/analysis-quality/UnresolvableCalls.ql
+ql/javascript/ql/src/meta/analysis-quality/UnresolvableImports.ql
+ql/javascript/ql/src/meta/extraction-metrics/FileData.ql
+ql/javascript/ql/src/meta/extraction-metrics/MissingMetrics.ql
+ql/javascript/ql/src/meta/extraction-metrics/PhaseTimings.ql
+ql/javascript/ql/src/meta/types/TypedExprs.ql
+ql/javascript/ql/src/meta/types/TypesWithQualifiedName.ql
diff --git a/javascript/ql/integration-tests/query-suite/test.py b/javascript/ql/integration-tests/query-suite/test.py
new file mode 100644
index 000000000000..54b6f94043f5
--- /dev/null
+++ b/javascript/ql/integration-tests/query-suite/test.py
@@ -0,0 +1,14 @@
+import runs_on
+import pytest
+from query_suites import *
+
+well_known_query_suites = ['javascript-code-quality.qls', 'javascript-security-and-quality.qls', 'javascript-security-extended.qls', 'javascript-code-scanning.qls']
+
+@runs_on.posix
+@pytest.mark.parametrize("query_suite", well_known_query_suites)
+def test(codeql, javascript, check_query_suite, query_suite):
+    check_query_suite(query_suite)
+
+@runs_on.posix
+def test_not_included_queries(codeql, javascript, check_queries_not_included):
+    check_queries_not_included('javascript', well_known_query_suites)
diff --git a/ruby/ql/integration-tests/query-suite/not_included_in_qls.expected b/ruby/ql/integration-tests/query-suite/not_included_in_qls.expected
new file mode 100644
index 000000000000..ea96d413106e
--- /dev/null
+++ b/ruby/ql/integration-tests/query-suite/not_included_in_qls.expected
@@ -0,0 +1,36 @@
+ql/ruby/ql/src/AlertSuppression.ql
+ql/ruby/ql/src/experimental/CWE-522-DecompressionBombs/DecompressionBombs.ql
+ql/ruby/ql/src/experimental/cwe-022-zipslip/ZipSlip.ql
+ql/ruby/ql/src/experimental/cwe-176/UnicodeBypassValidation.ql
+ql/ruby/ql/src/experimental/cwe-208/UnsafeHmacComparison.ql
+ql/ruby/ql/src/experimental/cwe-347/EmptyJWTSecret.ql
+ql/ruby/ql/src/experimental/cwe-347/MissingJWTVerification.ql
+ql/ruby/ql/src/experimental/cwe-502/UnsafeYamlDeserialization.ql
+ql/ruby/ql/src/experimental/cwe-807/ConditionalBypass.ql
+ql/ruby/ql/src/experimental/decompression-api/DecompressionApi.ql
+ql/ruby/ql/src/experimental/improper-memoization/ImproperMemoization.ql
+ql/ruby/ql/src/experimental/insecure-randomness/InsecureRandomness.ql
+ql/ruby/ql/src/experimental/ldap-improper-auth/ImproperLdapAuth.ql
+ql/ruby/ql/src/experimental/ldap-injection/LdapInjection.ql
+ql/ruby/ql/src/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.ql
+ql/ruby/ql/src/experimental/performance/UseDetect.ql
+ql/ruby/ql/src/experimental/template-injection/TemplateInjection.ql
+ql/ruby/ql/src/experimental/weak-params/WeakParams.ql
+ql/ruby/ql/src/experimental/xpath-injection/XpathInjection.ql
+ql/ruby/ql/src/filters/ClassifyFiles.ql
+ql/ruby/ql/src/queries/analysis/Definitions.ql
+ql/ruby/ql/src/queries/diagnostics/PerformanceDiagnostics.ql
+ql/ruby/ql/src/queries/meta/CallGraph.ql
+ql/ruby/ql/src/queries/meta/SummarizedCallableCallSites.ql
+ql/ruby/ql/src/queries/meta/TaintSinks.ql
+ql/ruby/ql/src/queries/meta/TaintSources.ql
+ql/ruby/ql/src/queries/meta/TaintedNodes.ql
+ql/ruby/ql/src/queries/metrics/FLines.ql
+ql/ruby/ql/src/queries/metrics/FLinesOfCode.ql
+ql/ruby/ql/src/queries/metrics/FLinesOfComments.ql
+ql/ruby/ql/src/queries/modeling/GenerateModel.ql
+ql/ruby/ql/src/queries/security/cwe-732/WeakFilePermissions.ql
+ql/ruby/ql/src/queries/variables/UnusedParameter.ql
+ql/ruby/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql
+ql/ruby/ql/src/utils/modeleditor/FrameworkModeAccessPaths.ql
+ql/ruby/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql
diff --git a/ruby/ql/integration-tests/query-suite/ruby-code-quality.qls.expected b/ruby/ql/integration-tests/query-suite/ruby-code-quality.qls.expected
new file mode 100644
index 000000000000..94b2f19caaa8
--- /dev/null
+++ b/ruby/ql/integration-tests/query-suite/ruby-code-quality.qls.expected
@@ -0,0 +1,3 @@
+ql/ruby/ql/src/queries/performance/DatabaseQueryInLoop.ql
+ql/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql
+ql/ruby/ql/src/queries/variables/UninitializedLocal.ql
diff --git a/ruby/ql/integration-tests/query-suite/ruby-code-scanning.qls.expected b/ruby/ql/integration-tests/query-suite/ruby-code-scanning.qls.expected
new file mode 100644
index 000000000000..b20eee65577b
--- /dev/null
+++ b/ruby/ql/integration-tests/query-suite/ruby-code-scanning.qls.expected
@@ -0,0 +1,44 @@
+ql/ruby/ql/src/queries/diagnostics/ExtractedFiles.ql
+ql/ruby/ql/src/queries/diagnostics/ExtractionErrors.ql
+ql/ruby/ql/src/queries/diagnostics/ExtractionWarnings.ql
+ql/ruby/ql/src/queries/security/cwe-020/IncompleteHostnameRegExp.ql
+ql/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.ql
+ql/ruby/ql/src/queries/security/cwe-020/MissingFullAnchor.ql
+ql/ruby/ql/src/queries/security/cwe-020/OverlyLargeRange.ql
+ql/ruby/ql/src/queries/security/cwe-022/PathInjection.ql
+ql/ruby/ql/src/queries/security/cwe-078/CommandInjection.ql
+ql/ruby/ql/src/queries/security/cwe-078/KernelOpen.ql
+ql/ruby/ql/src/queries/security/cwe-078/NonConstantKernelOpen.ql
+ql/ruby/ql/src/queries/security/cwe-078/UnsafeShellCommandConstruction.ql
+ql/ruby/ql/src/queries/security/cwe-079/ReflectedXSS.ql
+ql/ruby/ql/src/queries/security/cwe-079/StoredXSS.ql
+ql/ruby/ql/src/queries/security/cwe-079/UnsafeHtmlConstruction.ql
+ql/ruby/ql/src/queries/security/cwe-089/SqlInjection.ql
+ql/ruby/ql/src/queries/security/cwe-094/CodeInjection.ql
+ql/ruby/ql/src/queries/security/cwe-116/BadTagFilter.ql
+ql/ruby/ql/src/queries/security/cwe-116/IncompleteMultiCharacterSanitization.ql
+ql/ruby/ql/src/queries/security/cwe-116/IncompleteSanitization.ql
+ql/ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.ql
+ql/ruby/ql/src/queries/security/cwe-1333/ReDoS.ql
+ql/ruby/ql/src/queries/security/cwe-1333/RegExpInjection.ql
+ql/ruby/ql/src/queries/security/cwe-134/TaintedFormatString.ql
+ql/ruby/ql/src/queries/security/cwe-209/StackTraceExposure.ql
+ql/ruby/ql/src/queries/security/cwe-300/InsecureDependencyResolution.ql
+ql/ruby/ql/src/queries/security/cwe-312/CleartextLogging.ql
+ql/ruby/ql/src/queries/security/cwe-312/CleartextStorage.ql
+ql/ruby/ql/src/queries/security/cwe-327/BrokenCryptoAlgorithm.ql
+ql/ruby/ql/src/queries/security/cwe-327/WeakSensitiveDataHashing.ql
+ql/ruby/ql/src/queries/security/cwe-352/CSRFProtectionDisabled.ql
+ql/ruby/ql/src/queries/security/cwe-352/CSRFProtectionNotEnabled.ql
+ql/ruby/ql/src/queries/security/cwe-502/UnsafeDeserialization.ql
+ql/ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.ql
+ql/ruby/ql/src/queries/security/cwe-601/UrlRedirect.ql
+ql/ruby/ql/src/queries/security/cwe-611/Xxe.ql
+ql/ruby/ql/src/queries/security/cwe-732/WeakCookieConfiguration.ql
+ql/ruby/ql/src/queries/security/cwe-829/InsecureDownload.ql
+ql/ruby/ql/src/queries/security/cwe-915/MassAssignment.ql
+ql/ruby/ql/src/queries/security/cwe-918/ServerSideRequestForgery.ql
+ql/ruby/ql/src/queries/summary/LinesOfCode.ql
+ql/ruby/ql/src/queries/summary/LinesOfUserCode.ql
+ql/ruby/ql/src/queries/summary/NumberOfFilesExtractedWithErrors.ql
+ql/ruby/ql/src/queries/summary/NumberOfSuccessfullyExtractedFiles.ql
diff --git a/ruby/ql/integration-tests/query-suite/ruby-security-and-quality.qls.expected b/ruby/ql/integration-tests/query-suite/ruby-security-and-quality.qls.expected
new file mode 100644
index 000000000000..604a4c223fbd
--- /dev/null
+++ b/ruby/ql/integration-tests/query-suite/ruby-security-and-quality.qls.expected
@@ -0,0 +1,54 @@
+ql/ruby/ql/src/queries/diagnostics/ExtractedFiles.ql
+ql/ruby/ql/src/queries/diagnostics/ExtractionErrors.ql
+ql/ruby/ql/src/queries/diagnostics/ExtractionWarnings.ql
+ql/ruby/ql/src/queries/performance/DatabaseQueryInLoop.ql
+ql/ruby/ql/src/queries/security/cwe-020/IncompleteHostnameRegExp.ql
+ql/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.ql
+ql/ruby/ql/src/queries/security/cwe-020/MissingFullAnchor.ql
+ql/ruby/ql/src/queries/security/cwe-020/MissingRegExpAnchor.ql
+ql/ruby/ql/src/queries/security/cwe-020/OverlyLargeRange.ql
+ql/ruby/ql/src/queries/security/cwe-022/PathInjection.ql
+ql/ruby/ql/src/queries/security/cwe-078/CommandInjection.ql
+ql/ruby/ql/src/queries/security/cwe-078/KernelOpen.ql
+ql/ruby/ql/src/queries/security/cwe-078/NonConstantKernelOpen.ql
+ql/ruby/ql/src/queries/security/cwe-078/UnsafeShellCommandConstruction.ql
+ql/ruby/ql/src/queries/security/cwe-079/ReflectedXSS.ql
+ql/ruby/ql/src/queries/security/cwe-079/StoredXSS.ql
+ql/ruby/ql/src/queries/security/cwe-079/UnsafeHtmlConstruction.ql
+ql/ruby/ql/src/queries/security/cwe-089/SqlInjection.ql
+ql/ruby/ql/src/queries/security/cwe-094/CodeInjection.ql
+ql/ruby/ql/src/queries/security/cwe-094/UnsafeCodeConstruction.ql
+ql/ruby/ql/src/queries/security/cwe-116/BadTagFilter.ql
+ql/ruby/ql/src/queries/security/cwe-116/IncompleteMultiCharacterSanitization.ql
+ql/ruby/ql/src/queries/security/cwe-116/IncompleteSanitization.ql
+ql/ruby/ql/src/queries/security/cwe-117/LogInjection.ql
+ql/ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.ql
+ql/ruby/ql/src/queries/security/cwe-1333/ReDoS.ql
+ql/ruby/ql/src/queries/security/cwe-1333/RegExpInjection.ql
+ql/ruby/ql/src/queries/security/cwe-134/TaintedFormatString.ql
+ql/ruby/ql/src/queries/security/cwe-209/StackTraceExposure.ql
+ql/ruby/ql/src/queries/security/cwe-295/RequestWithoutValidation.ql
+ql/ruby/ql/src/queries/security/cwe-300/InsecureDependencyResolution.ql
+ql/ruby/ql/src/queries/security/cwe-312/CleartextLogging.ql
+ql/ruby/ql/src/queries/security/cwe-312/CleartextStorage.ql
+ql/ruby/ql/src/queries/security/cwe-327/BrokenCryptoAlgorithm.ql
+ql/ruby/ql/src/queries/security/cwe-327/WeakSensitiveDataHashing.ql
+ql/ruby/ql/src/queries/security/cwe-352/CSRFProtectionDisabled.ql
+ql/ruby/ql/src/queries/security/cwe-352/CSRFProtectionNotEnabled.ql
+ql/ruby/ql/src/queries/security/cwe-502/UnsafeDeserialization.ql
+ql/ruby/ql/src/queries/security/cwe-506/HardcodedDataInterpretedAsCode.ql
+ql/ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.ql
+ql/ruby/ql/src/queries/security/cwe-601/UrlRedirect.ql
+ql/ruby/ql/src/queries/security/cwe-611/Xxe.ql
+ql/ruby/ql/src/queries/security/cwe-732/WeakCookieConfiguration.ql
+ql/ruby/ql/src/queries/security/cwe-798/HardcodedCredentials.ql
+ql/ruby/ql/src/queries/security/cwe-829/InsecureDownload.ql
+ql/ruby/ql/src/queries/security/cwe-912/HttpToFileAccess.ql
+ql/ruby/ql/src/queries/security/cwe-915/MassAssignment.ql
+ql/ruby/ql/src/queries/security/cwe-918/ServerSideRequestForgery.ql
+ql/ruby/ql/src/queries/summary/LinesOfCode.ql
+ql/ruby/ql/src/queries/summary/LinesOfUserCode.ql
+ql/ruby/ql/src/queries/summary/NumberOfFilesExtractedWithErrors.ql
+ql/ruby/ql/src/queries/summary/NumberOfSuccessfullyExtractedFiles.ql
+ql/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql
+ql/ruby/ql/src/queries/variables/UninitializedLocal.ql
diff --git a/ruby/ql/integration-tests/query-suite/ruby-security-extended.qls.expected b/ruby/ql/integration-tests/query-suite/ruby-security-extended.qls.expected
new file mode 100644
index 000000000000..706b9a9a363a
--- /dev/null
+++ b/ruby/ql/integration-tests/query-suite/ruby-security-extended.qls.expected
@@ -0,0 +1,51 @@
+ql/ruby/ql/src/queries/diagnostics/ExtractedFiles.ql
+ql/ruby/ql/src/queries/diagnostics/ExtractionErrors.ql
+ql/ruby/ql/src/queries/diagnostics/ExtractionWarnings.ql
+ql/ruby/ql/src/queries/security/cwe-020/IncompleteHostnameRegExp.ql
+ql/ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.ql
+ql/ruby/ql/src/queries/security/cwe-020/MissingFullAnchor.ql
+ql/ruby/ql/src/queries/security/cwe-020/MissingRegExpAnchor.ql
+ql/ruby/ql/src/queries/security/cwe-020/OverlyLargeRange.ql
+ql/ruby/ql/src/queries/security/cwe-022/PathInjection.ql
+ql/ruby/ql/src/queries/security/cwe-078/CommandInjection.ql
+ql/ruby/ql/src/queries/security/cwe-078/KernelOpen.ql
+ql/ruby/ql/src/queries/security/cwe-078/NonConstantKernelOpen.ql
+ql/ruby/ql/src/queries/security/cwe-078/UnsafeShellCommandConstruction.ql
+ql/ruby/ql/src/queries/security/cwe-079/ReflectedXSS.ql
+ql/ruby/ql/src/queries/security/cwe-079/StoredXSS.ql
+ql/ruby/ql/src/queries/security/cwe-079/UnsafeHtmlConstruction.ql
+ql/ruby/ql/src/queries/security/cwe-089/SqlInjection.ql
+ql/ruby/ql/src/queries/security/cwe-094/CodeInjection.ql
+ql/ruby/ql/src/queries/security/cwe-094/UnsafeCodeConstruction.ql
+ql/ruby/ql/src/queries/security/cwe-116/BadTagFilter.ql
+ql/ruby/ql/src/queries/security/cwe-116/IncompleteMultiCharacterSanitization.ql
+ql/ruby/ql/src/queries/security/cwe-116/IncompleteSanitization.ql
+ql/ruby/ql/src/queries/security/cwe-117/LogInjection.ql
+ql/ruby/ql/src/queries/security/cwe-1333/PolynomialReDoS.ql
+ql/ruby/ql/src/queries/security/cwe-1333/ReDoS.ql
+ql/ruby/ql/src/queries/security/cwe-1333/RegExpInjection.ql
+ql/ruby/ql/src/queries/security/cwe-134/TaintedFormatString.ql
+ql/ruby/ql/src/queries/security/cwe-209/StackTraceExposure.ql
+ql/ruby/ql/src/queries/security/cwe-295/RequestWithoutValidation.ql
+ql/ruby/ql/src/queries/security/cwe-300/InsecureDependencyResolution.ql
+ql/ruby/ql/src/queries/security/cwe-312/CleartextLogging.ql
+ql/ruby/ql/src/queries/security/cwe-312/CleartextStorage.ql
+ql/ruby/ql/src/queries/security/cwe-327/BrokenCryptoAlgorithm.ql
+ql/ruby/ql/src/queries/security/cwe-327/WeakSensitiveDataHashing.ql
+ql/ruby/ql/src/queries/security/cwe-352/CSRFProtectionDisabled.ql
+ql/ruby/ql/src/queries/security/cwe-352/CSRFProtectionNotEnabled.ql
+ql/ruby/ql/src/queries/security/cwe-502/UnsafeDeserialization.ql
+ql/ruby/ql/src/queries/security/cwe-506/HardcodedDataInterpretedAsCode.ql
+ql/ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.ql
+ql/ruby/ql/src/queries/security/cwe-601/UrlRedirect.ql
+ql/ruby/ql/src/queries/security/cwe-611/Xxe.ql
+ql/ruby/ql/src/queries/security/cwe-732/WeakCookieConfiguration.ql
+ql/ruby/ql/src/queries/security/cwe-798/HardcodedCredentials.ql
+ql/ruby/ql/src/queries/security/cwe-829/InsecureDownload.ql
+ql/ruby/ql/src/queries/security/cwe-912/HttpToFileAccess.ql
+ql/ruby/ql/src/queries/security/cwe-915/MassAssignment.ql
+ql/ruby/ql/src/queries/security/cwe-918/ServerSideRequestForgery.ql
+ql/ruby/ql/src/queries/summary/LinesOfCode.ql
+ql/ruby/ql/src/queries/summary/LinesOfUserCode.ql
+ql/ruby/ql/src/queries/summary/NumberOfFilesExtractedWithErrors.ql
+ql/ruby/ql/src/queries/summary/NumberOfSuccessfullyExtractedFiles.ql
diff --git a/ruby/ql/integration-tests/query-suite/test.py b/ruby/ql/integration-tests/query-suite/test.py
new file mode 100644
index 000000000000..7ebb9d9c9b5b
--- /dev/null
+++ b/ruby/ql/integration-tests/query-suite/test.py
@@ -0,0 +1,14 @@
+import runs_on
+import pytest
+from query_suites import *
+
+well_known_query_suites = ['ruby-code-quality.qls', 'ruby-security-and-quality.qls', 'ruby-security-extended.qls', 'ruby-code-scanning.qls']
+
+@runs_on.posix
+@pytest.mark.parametrize("query_suite", well_known_query_suites)
+def test(codeql, ruby, check_query_suite, query_suite):
+    check_query_suite(query_suite)
+
+@runs_on.posix
+def test_not_included_queries(codeql, ruby, check_queries_not_included):
+    check_queries_not_included('ruby', well_known_query_suites)
diff --git a/rust/ql/integration-tests/query-suite/not_included_in_qls.expected b/rust/ql/integration-tests/query-suite/not_included_in_qls.expected
new file mode 100644
index 000000000000..a2ce74fe4df8
--- /dev/null
+++ b/rust/ql/integration-tests/query-suite/not_included_in_qls.expected
@@ -0,0 +1,16 @@
+ql/rust/ql/src/queries/summary/CryptographicOperations.ql
+ql/rust/ql/src/queries/summary/LinesOfUserCodeInFiles.ql
+ql/rust/ql/src/queries/summary/QuerySinks.ql
+ql/rust/ql/src/queries/summary/SensitiveData.ql
+ql/rust/ql/src/queries/summary/TaintSources.ql
+ql/rust/ql/src/queries/unusedentities/UnreachableCode.ql
+ql/rust/ql/src/queries/unusedentities/UnusedValue.ql
+ql/rust/ql/src/utils/modelgenerator/CaptureContentSummaryModels.ql
+ql/rust/ql/src/utils/modelgenerator/CaptureMixedNeutralModels.ql
+ql/rust/ql/src/utils/modelgenerator/CaptureMixedSummaryModels.ql
+ql/rust/ql/src/utils/modelgenerator/CaptureNeutralModels.ql
+ql/rust/ql/src/utils/modelgenerator/CaptureSinkModels.ql
+ql/rust/ql/src/utils/modelgenerator/CaptureSourceModels.ql
+ql/rust/ql/src/utils/modelgenerator/CaptureSummaryModels.ql
+ql/rust/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPartialPath.ql
+ql/rust/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPath.ql
diff --git a/rust/ql/integration-tests/query-suite/rust-code-quality.qls.expected b/rust/ql/integration-tests/query-suite/rust-code-quality.qls.expected
new file mode 100644
index 000000000000..8b137891791f
--- /dev/null
+++ b/rust/ql/integration-tests/query-suite/rust-code-quality.qls.expected
@@ -0,0 +1 @@
+
diff --git a/rust/ql/integration-tests/query-suite/rust-code-scanning.qls.expected b/rust/ql/integration-tests/query-suite/rust-code-scanning.qls.expected
new file mode 100644
index 000000000000..0e619031ed59
--- /dev/null
+++ b/rust/ql/integration-tests/query-suite/rust-code-scanning.qls.expected
@@ -0,0 +1,26 @@
+ql/rust/ql/src/queries/diagnostics/AstConsistencyCounts.ql
+ql/rust/ql/src/queries/diagnostics/CfgConsistencyCounts.ql
+ql/rust/ql/src/queries/diagnostics/DataFlowConsistencyCounts.ql
+ql/rust/ql/src/queries/diagnostics/ExtractedFiles.ql
+ql/rust/ql/src/queries/diagnostics/ExtractionErrors.ql
+ql/rust/ql/src/queries/diagnostics/ExtractionWarnings.ql
+ql/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql
+ql/rust/ql/src/queries/diagnostics/UnextractedElements.ql
+ql/rust/ql/src/queries/diagnostics/UnresolvedMacroCalls.ql
+ql/rust/ql/src/queries/security/CWE-020/RegexInjection.ql
+ql/rust/ql/src/queries/security/CWE-022/TaintedPath.ql
+ql/rust/ql/src/queries/security/CWE-089/SqlInjection.ql
+ql/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql
+ql/rust/ql/src/queries/security/CWE-312/CleartextLogging.ql
+ql/rust/ql/src/queries/security/CWE-327/BrokenCryptoAlgorithm.ql
+ql/rust/ql/src/queries/security/CWE-328/WeakSensitiveDataHashing.ql
+ql/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql
+ql/rust/ql/src/queries/summary/LinesOfCode.ql
+ql/rust/ql/src/queries/summary/LinesOfUserCode.ql
+ql/rust/ql/src/queries/summary/NumberOfFilesExtractedWithErrors.ql
+ql/rust/ql/src/queries/summary/NumberOfSuccessfullyExtractedFiles.ql
+ql/rust/ql/src/queries/summary/QuerySinkCounts.ql
+ql/rust/ql/src/queries/summary/SummaryStats.ql
+ql/rust/ql/src/queries/summary/SummaryStatsReduced.ql
+ql/rust/ql/src/queries/telemetry/DatabaseQualityDiagnostics.ql
+ql/rust/ql/src/queries/telemetry/ExtractorInformation.ql
diff --git a/rust/ql/integration-tests/query-suite/rust-security-and-quality.qls.expected b/rust/ql/integration-tests/query-suite/rust-security-and-quality.qls.expected
new file mode 100644
index 000000000000..c21b79749d17
--- /dev/null
+++ b/rust/ql/integration-tests/query-suite/rust-security-and-quality.qls.expected
@@ -0,0 +1,29 @@
+ql/rust/ql/src/queries/diagnostics/AstConsistencyCounts.ql
+ql/rust/ql/src/queries/diagnostics/CfgConsistencyCounts.ql
+ql/rust/ql/src/queries/diagnostics/DataFlowConsistencyCounts.ql
+ql/rust/ql/src/queries/diagnostics/ExtractedFiles.ql
+ql/rust/ql/src/queries/diagnostics/ExtractionErrors.ql
+ql/rust/ql/src/queries/diagnostics/ExtractionWarnings.ql
+ql/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql
+ql/rust/ql/src/queries/diagnostics/UnextractedElements.ql
+ql/rust/ql/src/queries/diagnostics/UnresolvedMacroCalls.ql
+ql/rust/ql/src/queries/security/CWE-020/RegexInjection.ql
+ql/rust/ql/src/queries/security/CWE-022/TaintedPath.ql
+ql/rust/ql/src/queries/security/CWE-089/SqlInjection.ql
+ql/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql
+ql/rust/ql/src/queries/security/CWE-312/CleartextLogging.ql
+ql/rust/ql/src/queries/security/CWE-327/BrokenCryptoAlgorithm.ql
+ql/rust/ql/src/queries/security/CWE-328/WeakSensitiveDataHashing.ql
+ql/rust/ql/src/queries/security/CWE-696/BadCtorInitialization.ql
+ql/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql
+ql/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql
+ql/rust/ql/src/queries/summary/LinesOfCode.ql
+ql/rust/ql/src/queries/summary/LinesOfUserCode.ql
+ql/rust/ql/src/queries/summary/NumberOfFilesExtractedWithErrors.ql
+ql/rust/ql/src/queries/summary/NumberOfSuccessfullyExtractedFiles.ql
+ql/rust/ql/src/queries/summary/QuerySinkCounts.ql
+ql/rust/ql/src/queries/summary/SummaryStats.ql
+ql/rust/ql/src/queries/summary/SummaryStatsReduced.ql
+ql/rust/ql/src/queries/telemetry/DatabaseQualityDiagnostics.ql
+ql/rust/ql/src/queries/telemetry/ExtractorInformation.ql
+ql/rust/ql/src/queries/unusedentities/UnusedVariable.ql
diff --git a/rust/ql/integration-tests/query-suite/rust-security-extended.qls.expected b/rust/ql/integration-tests/query-suite/rust-security-extended.qls.expected
new file mode 100644
index 000000000000..b3683f02d927
--- /dev/null
+++ b/rust/ql/integration-tests/query-suite/rust-security-extended.qls.expected
@@ -0,0 +1,27 @@
+ql/rust/ql/src/queries/diagnostics/AstConsistencyCounts.ql
+ql/rust/ql/src/queries/diagnostics/CfgConsistencyCounts.ql
+ql/rust/ql/src/queries/diagnostics/DataFlowConsistencyCounts.ql
+ql/rust/ql/src/queries/diagnostics/ExtractedFiles.ql
+ql/rust/ql/src/queries/diagnostics/ExtractionErrors.ql
+ql/rust/ql/src/queries/diagnostics/ExtractionWarnings.ql
+ql/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql
+ql/rust/ql/src/queries/diagnostics/UnextractedElements.ql
+ql/rust/ql/src/queries/diagnostics/UnresolvedMacroCalls.ql
+ql/rust/ql/src/queries/security/CWE-020/RegexInjection.ql
+ql/rust/ql/src/queries/security/CWE-022/TaintedPath.ql
+ql/rust/ql/src/queries/security/CWE-089/SqlInjection.ql
+ql/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql
+ql/rust/ql/src/queries/security/CWE-312/CleartextLogging.ql
+ql/rust/ql/src/queries/security/CWE-327/BrokenCryptoAlgorithm.ql
+ql/rust/ql/src/queries/security/CWE-328/WeakSensitiveDataHashing.ql
+ql/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql
+ql/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql
+ql/rust/ql/src/queries/summary/LinesOfCode.ql
+ql/rust/ql/src/queries/summary/LinesOfUserCode.ql
+ql/rust/ql/src/queries/summary/NumberOfFilesExtractedWithErrors.ql
+ql/rust/ql/src/queries/summary/NumberOfSuccessfullyExtractedFiles.ql
+ql/rust/ql/src/queries/summary/QuerySinkCounts.ql
+ql/rust/ql/src/queries/summary/SummaryStats.ql
+ql/rust/ql/src/queries/summary/SummaryStatsReduced.ql
+ql/rust/ql/src/queries/telemetry/DatabaseQualityDiagnostics.ql
+ql/rust/ql/src/queries/telemetry/ExtractorInformation.ql
diff --git a/rust/ql/integration-tests/query-suite/test.py b/rust/ql/integration-tests/query-suite/test.py
new file mode 100644
index 000000000000..5f48fb428531
--- /dev/null
+++ b/rust/ql/integration-tests/query-suite/test.py
@@ -0,0 +1,14 @@
+import runs_on
+import pytest
+from query_suites import *
+
+well_known_query_suites = ['rust-code-quality.qls', 'rust-security-and-quality.qls', 'rust-security-extended.qls', 'rust-code-scanning.qls']
+
+@runs_on.posix
+@pytest.mark.parametrize("query_suite", well_known_query_suites)
+def test(codeql, rust, check_query_suite, query_suite):
+    check_query_suite(query_suite)
+
+@runs_on.posix
+def test_not_included_queries(codeql, rust, check_queries_not_included):
+    check_queries_not_included('rust', well_known_query_suites)

From c54b684132620d99e47c171cd7f4653ca04a3b5c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tam=C3=A1s=20Vajk?= <tamasvajk@github.com>
Date: Thu, 24 Apr 2025 10:29:48 +0200
Subject: [PATCH 4/5] Apply suggestions from code review - code quality
 improvements

Co-authored-by: Paolo Tranquilli <redsun82@github.com>
---
 misc/pytest/lib/query_suites.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/misc/pytest/lib/query_suites.py b/misc/pytest/lib/query_suites.py
index b0b8aea8cf8c..fcbb1f16bde0 100644
--- a/misc/pytest/lib/query_suites.py
+++ b/misc/pytest/lib/query_suites.py
@@ -5,18 +5,18 @@
 @pytest.fixture
 def check_query_suite(codeql, cwd, expected_files, semmle_code_dir):
     def ret(query_suite):
-        actual = codeql.resolve.queries(query_suite, _capture=True).strip()
+        actual = codeql.resolve.queries(query_suite, _capture=True)
         actual = sorted(actual.splitlines())
         actual = [os.path.relpath(q, semmle_code_dir) for q in actual]
         actual_file_name = query_suite + '.actual'
         expected_files.add(actual_file_name)
-        (cwd / actual_file_name).write_text('\n'.join(actual)+'\n')
+        (cwd / actual_file_name).write_text('\n'.join(actual) + '\n')
     return ret
 
 @pytest.fixture
 def check_queries_not_included(codeql, cwd, expected_files, semmle_code_dir):
     def ret(lang_folder_name, query_suites):
-        all_queries = codeql.resolve.queries(semmle_code_dir / 'ql' / lang_folder_name / 'ql' / 'src', _capture=True).strip().splitlines()
+        all_queries = codeql.resolve.queries(semmle_code_dir / 'ql' / lang_folder_name / 'ql' / 'src', _capture=True).splitlines()
 
         included_in_qls = set()
         for query_suite in query_suites:
@@ -26,5 +26,5 @@ def ret(lang_folder_name, query_suites):
         not_included = [os.path.relpath(q, semmle_code_dir) for q in not_included]
         not_included_file_name = 'not_included_in_qls.actual'
         expected_files.add(not_included_file_name)
-        (cwd / not_included_file_name).write_text('\n'.join(not_included)+'\n')
+        (cwd / not_included_file_name).write_text('\n'.join(not_included) + '\n')
     return ret

From 998e64baf3c7753500ebec5b819a8943661a25bb Mon Sep 17 00:00:00 2001
From: Tamas Vajk <tamasvajk@github.com>
Date: Fri, 25 Apr 2025 09:15:43 +0200
Subject: [PATCH 5/5] Fix failing C# test

---
 .../posix/query-suite/csharp-code-quality.qls.expected           | 1 +
 1 file changed, 1 insertion(+)

diff --git a/csharp/ql/integration-tests/posix/query-suite/csharp-code-quality.qls.expected b/csharp/ql/integration-tests/posix/query-suite/csharp-code-quality.qls.expected
index 533344cbbc27..472e79575ca5 100644
--- a/csharp/ql/integration-tests/posix/query-suite/csharp-code-quality.qls.expected
+++ b/csharp/ql/integration-tests/posix/query-suite/csharp-code-quality.qls.expected
@@ -1,3 +1,4 @@
+ql/csharp/ql/src/API Abuse/FormatInvalid.ql
 ql/csharp/ql/src/API Abuse/NoDisposeCallOnLocalIDisposable.ql
 ql/csharp/ql/src/Bad Practices/Control-Flow/ConstantCondition.ql
 ql/csharp/ql/src/Dead Code/DeadStoreOfLocal.ql