From b1dcc05f96e04f5992f6aa45d517e9b430618a24 Mon Sep 17 00:00:00 2001 From: docs-bot <77750099+docs-bot@users.noreply.github.com> Date: Thu, 30 May 2024 10:31:39 -0700 Subject: [PATCH 1/2] Update CodeQL query tables (#50886) --- .../code-scanning/codeql-query-tables/java.md | 58 +++++++++---------- .../codeql-query-tables/javascript.md | 12 ++-- .../codeql-query-tables/python.md | 14 ++--- 3 files changed, 42 insertions(+), 42 deletions(-) diff --git a/data/reusables/code-scanning/codeql-query-tables/java.md b/data/reusables/code-scanning/codeql-query-tables/java.md index 83c500c75b..a185ed3121 100644 --- a/data/reusables/code-scanning/codeql-query-tables/java.md +++ b/data/reusables/code-scanning/codeql-query-tables/java.md 
@@ -67,46 +67,46 @@ | [XSLT transformation with user-controlled stylesheet](https://codeql.github.com/codeql-query-help/java/java-xslt-injection/) | 074 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | [Access Java object methods through JavaScript exposure](https://codeql.github.com/codeql-query-help/java/java-android-webview-addjavascriptinterface/) | 079 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | | [Android APK installation](https://codeql.github.com/codeql-query-help/java/java-android-arbitrary-apk-installation/) | 094 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Android missing certificate pinning](https://codeql.github.com/codeql-query-help/java/java-android-missing-certificate-pinning/) | 295 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Android sensitive keyboard cache](https://codeql.github.com/codeql-query-help/java/java-android-sensitive-keyboard-cache/) | 524 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Android WebSettings file access](https://codeql.github.com/codeql-query-help/java/java-android-websettings-file-access/) | 200 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Android WebView JavaScript settings](https://codeql.github.com/codeql-query-help/java/java-android-websettings-javascript-enabled/) | 079 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Android WebView settings allows 
access to content links](https://codeql.github.com/codeql-query-help/java/java-android-websettings-allow-content-access/) | 200 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Application backup allowed](https://codeql.github.com/codeql-query-help/java/java-android-backup-enabled/) | 312 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | +| [Android missing certificate pinning](https://codeql.github.com/codeql-query-help/java/java-android-missing-certificate-pinning/) | 295 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Android sensitive keyboard cache](https://codeql.github.com/codeql-query-help/java/java-android-sensitive-keyboard-cache/) | 524 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Android WebSettings file access](https://codeql.github.com/codeql-query-help/java/java-android-websettings-file-access/) | 200 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Android WebView JavaScript settings](https://codeql.github.com/codeql-query-help/java/java-android-websettings-javascript-enabled/) | 079 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Android WebView settings allows access to content links](https://codeql.github.com/codeql-query-help/java/java-android-websettings-allow-content-access/) | 200 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Application backup 
allowed](https://codeql.github.com/codeql-query-help/java/java-android-backup-enabled/) | 312 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | [Building a command with an injected environment variable](https://codeql.github.com/codeql-query-help/java/java-exec-tainted-environment/) | 078, 088, 454 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Cleartext storage of sensitive information in the Android filesystem](https://codeql.github.com/codeql-query-help/java/java-android-cleartext-storage-filesystem/) | 312 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Cleartext storage of sensitive information using 'Properties' class](https://codeql.github.com/codeql-query-help/java/java-cleartext-storage-in-properties/) | 313 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Cleartext storage of sensitive information using `SharedPreferences` on Android](https://codeql.github.com/codeql-query-help/java/java-android-cleartext-storage-shared-prefs/) | 312 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | +| [Cleartext storage of sensitive information in the Android filesystem](https://codeql.github.com/codeql-query-help/java/java-android-cleartext-storage-filesystem/) | 312 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Cleartext storage of sensitive information using 'Properties' class](https://codeql.github.com/codeql-query-help/java/java-cleartext-storage-in-properties/) | 313 | {% octicon "x" aria-label="Not 
included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Cleartext storage of sensitive information using `SharedPreferences` on Android](https://codeql.github.com/codeql-query-help/java/java-android-cleartext-storage-shared-prefs/) | 312 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | [Cleartext storage of sensitive information using a local database on Android](https://codeql.github.com/codeql-query-help/java/java-android-cleartext-storage-database/) | 312 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Comparison of narrow type with wide type in loop condition](https://codeql.github.com/codeql-query-help/java/java-comparison-with-wider-type/) | 190, 197 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Executing a command with a relative path](https://codeql.github.com/codeql-query-help/java/java-relative-path-command/) | 078, 088 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | +| [Comparison of narrow type with wide type in loop condition](https://codeql.github.com/codeql-query-help/java/java-comparison-with-wider-type/) | 190, 197 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Executing a command with a relative path](https://codeql.github.com/codeql-query-help/java/java-relative-path-command/) | 078, 088 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | [Exposure of sensitive information to 
notifications](https://codeql.github.com/codeql-query-help/java/java-android-sensitive-notification/) | 200 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | | [Exposure of sensitive information to UI text views](https://codeql.github.com/codeql-query-help/java/java-android-sensitive-text/) | 200 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | | [Hard-coded credential in API call](https://codeql.github.com/codeql-query-help/java/java-hardcoded-credential-api-call/) | 798 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Improper validation of user-provided array index](https://codeql.github.com/codeql-query-help/java/java-improper-validation-of-array-index/) | 129 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Improper validation of user-provided size used for array construction](https://codeql.github.com/codeql-query-help/java/java-improper-validation-of-array-construction/) | 129 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Insecure basic authentication](https://codeql.github.com/codeql-query-help/java/java-insecure-basic-auth/) | 522, 319 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Insecure JavaMail SSL Configuration](https://codeql.github.com/codeql-query-help/java/java-insecure-smtp-ssl/) | 297 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | +| [Improper validation of user-provided array 
index](https://codeql.github.com/codeql-query-help/java/java-improper-validation-of-array-index/) | 129 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Improper validation of user-provided size used for array construction](https://codeql.github.com/codeql-query-help/java/java-improper-validation-of-array-construction/) | 129 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Insecure basic authentication](https://codeql.github.com/codeql-query-help/java/java-insecure-basic-auth/) | 522, 319 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Insecure JavaMail SSL Configuration](https://codeql.github.com/codeql-query-help/java/java-insecure-smtp-ssl/) | 297 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | [Insecurely generated keys for local authentication](https://codeql.github.com/codeql-query-help/java/java-android-insecure-local-key-gen/) | 287 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Insertion of sensitive information into log files](https://codeql.github.com/codeql-query-help/java/java-sensitive-log/) | 532 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Leaking sensitive information through a ResultReceiver](https://codeql.github.com/codeql-query-help/java/java-android-sensitive-result-receiver/) | 927 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | +| [Insertion of sensitive information into log 
files](https://codeql.github.com/codeql-query-help/java/java-sensitive-log/) | 532 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Leaking sensitive information through a ResultReceiver](https://codeql.github.com/codeql-query-help/java/java-android-sensitive-result-receiver/) | 927 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | [Leaking sensitive information through an implicit Intent](https://codeql.github.com/codeql-query-help/java/java-android-sensitive-communication/) | 927 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Local information disclosure in a temporary directory](https://codeql.github.com/codeql-query-help/java/java-local-temp-file-or-directory-information-disclosure/) | 200, 732 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Log Injection](https://codeql.github.com/codeql-query-help/java/java-log-injection/) | 117 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | +| [Local information disclosure in a temporary directory](https://codeql.github.com/codeql-query-help/java/java-local-temp-file-or-directory-information-disclosure/) | 200, 732 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Log Injection](https://codeql.github.com/codeql-query-help/java/java-log-injection/) | 117 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | [Loop with unreachable exit 
condition](https://codeql.github.com/codeql-query-help/java/java-unreachable-exit-in-loop/) | 835 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Missing read or write permission in a content provider](https://codeql.github.com/codeql-query-help/java/java-android-incomplete-provider-permissions/) | 926 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Partial path traversal vulnerability](https://codeql.github.com/codeql-query-help/java/java-partial-path-traversal/) | 023 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Query built by concatenation with a possibly-untrusted string](https://codeql.github.com/codeql-query-help/java/java-concatenated-sql-query/) | 089, 564 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Race condition in socket authentication](https://codeql.github.com/codeql-query-help/java/java-socket-auth-race-condition/) | 421 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Time-of-check time-of-use race condition](https://codeql.github.com/codeql-query-help/java/java-toctou-race-condition/) | 367 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Trust boundary violation](https://codeql.github.com/codeql-query-help/java/java-trust-boundary-violation/) | 501 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Uncontrolled data in arithmetic 
expression](https://codeql.github.com/codeql-query-help/java/java-uncontrolled-arithmetic/) | 190, 191 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | +| [Missing read or write permission in a content provider](https://codeql.github.com/codeql-query-help/java/java-android-incomplete-provider-permissions/) | 926 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Partial path traversal vulnerability](https://codeql.github.com/codeql-query-help/java/java-partial-path-traversal/) | 023 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Query built by concatenation with a possibly-untrusted string](https://codeql.github.com/codeql-query-help/java/java-concatenated-sql-query/) | 089, 564 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Race condition in socket authentication](https://codeql.github.com/codeql-query-help/java/java-socket-auth-race-condition/) | 421 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Time-of-check time-of-use race condition](https://codeql.github.com/codeql-query-help/java/java-toctou-race-condition/) | 367 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Trust boundary violation](https://codeql.github.com/codeql-query-help/java/java-trust-boundary-violation/) | 501 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Uncontrolled data in arithmetic 
expression](https://codeql.github.com/codeql-query-help/java/java-uncontrolled-arithmetic/) | 190, 191 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | [Unreleased lock](https://codeql.github.com/codeql-query-help/java/java-unreleased-lock/) | 764, 833 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Unsafe certificate trust](https://codeql.github.com/codeql-query-help/java/java-unsafe-cert-trust/) | 273 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | +| [Unsafe certificate trust](https://codeql.github.com/codeql-query-help/java/java-unsafe-cert-trust/) | 273 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | [Unsafe resource fetching in Android WebView](https://codeql.github.com/codeql-query-help/java/java-android-unsafe-android-webview-fetch/) | 749, 079 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Use of a potentially broken or risky cryptographic algorithm](https://codeql.github.com/codeql-query-help/java/java-potentially-weak-cryptographic-algorithm/) | 327, 328 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | +| [Use of a potentially broken or risky cryptographic algorithm](https://codeql.github.com/codeql-query-help/java/java-potentially-weak-cryptographic-algorithm/) | 327, 328 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | [Use of a potentially dangerous 
function](https://codeql.github.com/codeql-query-help/java/java-potentially-dangerous-function/) | 676 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | | [User-controlled bypass of sensitive method](https://codeql.github.com/codeql-query-help/java/java-user-controlled-bypass/) | 807, 290 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [User-controlled data in arithmetic expression](https://codeql.github.com/codeql-query-help/java/java-tainted-arithmetic/) | 190, 191 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | +| [User-controlled data in arithmetic expression](https://codeql.github.com/codeql-query-help/java/java-tainted-arithmetic/) | 190, 191 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% endrowheaders %} diff --git a/data/reusables/code-scanning/codeql-query-tables/javascript.md b/data/reusables/code-scanning/codeql-query-tables/javascript.md index 323bdb562c..2684745bdc 100644 --- a/data/reusables/code-scanning/codeql-query-tables/javascript.md +++ b/data/reusables/code-scanning/codeql-query-tables/javascript.md 
@@ -90,16 +90,16 @@ | [Failure to abandon session](https://codeql.github.com/codeql-query-help/javascript/js-session-fixation/) | 384 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | | [File data in outbound network request](https://codeql.github.com/codeql-query-help/javascript/js-file-access-to-http/) | 200 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | | [Hard-coded data interpreted as code](https://codeql.github.com/codeql-query-help/javascript/js-hardcoded-data-interpreted-as-code/) | 506 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Indirect uncontrolled command line](https://codeql.github.com/codeql-query-help/javascript/js-indirect-command-line-injection/) | 078, 088 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Insecure temporary file](https://codeql.github.com/codeql-query-help/javascript/js-insecure-temporary-file/) | 377, 378 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Log injection](https://codeql.github.com/codeql-query-help/javascript/js-log-injection/) | 117 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Missing origin verification in `postMessage` handler](https://codeql.github.com/codeql-query-help/javascript/js-missing-origin-check/) | 020, 940 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Missing regular expression 
anchor](https://codeql.github.com/codeql-query-help/javascript/js-regex-missing-regexp-anchor/) | 020 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | +| [Indirect uncontrolled command line](https://codeql.github.com/codeql-query-help/javascript/js-indirect-command-line-injection/) | 078, 088 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Insecure temporary file](https://codeql.github.com/codeql-query-help/javascript/js-insecure-temporary-file/) | 377, 378 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Log injection](https://codeql.github.com/codeql-query-help/javascript/js-log-injection/) | 117 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Missing origin verification in `postMessage` handler](https://codeql.github.com/codeql-query-help/javascript/js-missing-origin-check/) | 020, 940 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Missing regular expression anchor](https://codeql.github.com/codeql-query-help/javascript/js-regex-missing-regexp-anchor/) | 020 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | [Network data written to file](https://codeql.github.com/codeql-query-help/javascript/js-http-to-file-access/) | 912, 434 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | | [Password in configuration file](https://codeql.github.com/codeql-query-help/javascript/js-password-in-configuration-file/) | 256, 260, 313, 
522 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | | [Potential file system race condition](https://codeql.github.com/codeql-query-help/javascript/js-file-system-race/) | 367 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | | [Remote property injection](https://codeql.github.com/codeql-query-help/javascript/js-remote-property-injection/) | 250, 400 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Sensitive cookie without SameSite restrictions](https://codeql.github.com/codeql-query-help/javascript/js-samesite-none-cookie/) | 1275 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | +| [Sensitive cookie without SameSite restrictions](https://codeql.github.com/codeql-query-help/javascript/js-samesite-none-cookie/) | 1275 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | [Unsafe code constructed from library input](https://codeql.github.com/codeql-query-help/javascript/js-unsafe-code-construction/) | 094, 079, 116 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | | [User-controlled bypass of security check](https://codeql.github.com/codeql-query-help/javascript/js-user-controlled-bypass/) | 807, 290 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | diff --git a/data/reusables/code-scanning/codeql-query-tables/python.md b/data/reusables/code-scanning/codeql-query-tables/python.md index 6f8623268d..7a4a702d78 100644 
--- a/data/reusables/code-scanning/codeql-query-tables/python.md +++ b/data/reusables/code-scanning/codeql-query-tables/python.md 
@@ -37,13 +37,13 @@ | [XML external entity expansion](https://codeql.github.com/codeql-query-help/python/py-xxe/) | 611, 827 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | [XML internal entity expansion](https://codeql.github.com/codeql-query-help/python/py-xml-bomb/) | 776, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | [XPath query built from user-controlled sources](https://codeql.github.com/codeql-query-help/python/py-xpath-injection/) | 643 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | -| [Arbitrary file write during tarfile extraction](https://codeql.github.com/codeql-query-help/python/py-tarslip/) | 022 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | +| [Arbitrary file write during tarfile extraction](https://codeql.github.com/codeql-query-help/python/py-tarslip/) | 022 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | | [Hard-coded credentials](https://codeql.github.com/codeql-query-help/python/py-hardcoded-credentials/) | 259, 321, 798 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Jinja2 templating with autoescape=False](https://codeql.github.com/codeql-query-help/python/py-jinja2-autoescape-false/) | 079 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Log Injection](https://codeql.github.com/codeql-query-help/python/py-log-injection/) | 117 | {% octicon "x" aria-label="Not included" %} | {% octicon 
"check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Overly permissive file permissions](https://codeql.github.com/codeql-query-help/python/py-overly-permissive-file/) | 732 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Partial server-side request forgery](https://codeql.github.com/codeql-query-help/python/py-partial-ssrf/) | 918 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Request without certificate validation](https://codeql.github.com/codeql-query-help/python/py-request-without-cert-validation/) | 295 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | -| [Unsafe shell command constructed from library input](https://codeql.github.com/codeql-query-help/python/py-shell-command-constructed-from-input/) | 078, 088, 073 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} | +| [Jinja2 templating with autoescape=False](https://codeql.github.com/codeql-query-help/python/py-jinja2-autoescape-false/) | 079 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Log Injection](https://codeql.github.com/codeql-query-help/python/py-log-injection/) | 117 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Overly permissive file permissions](https://codeql.github.com/codeql-query-help/python/py-overly-permissive-file/) | 732 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Partial server-side request 
forgery](https://codeql.github.com/codeql-query-help/python/py-partial-ssrf/) | 918 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Request without certificate validation](https://codeql.github.com/codeql-query-help/python/py-request-without-cert-validation/) | 295 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | +| [Unsafe shell command constructed from library input](https://codeql.github.com/codeql-query-help/python/py-shell-command-constructed-from-input/) | 078, 088, 073 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% endrowheaders %} From d9453990d8ddba17e0b8c029e79ad99e366faa92 Mon Sep 17 00:00:00 2001 From: Peter Bengtsson Date: Thu, 30 May 2024 13:44:34 -0400 Subject: [PATCH 2/2] Port `reload-tree.js` to TypeScript (#50890) --- .../scripts/all-documents/lib.ts | 19 +----- .../scripts/find-orphaned-features/find.ts | 17 +----- src/frame/lib/warm-server.d.ts | 8 +-- src/frame/middleware/index.ts | 2 +- .../{reload-tree.js => reload-tree.ts} | 30 +++++---- .../scripts/count-translation-corruptions.ts | 15 +---- src/links/lib/validate-docs-urls.ts | 13 +--- src/types.ts | 61 +++++++++++++++++++ 8 files changed, 87 insertions(+), 78 deletions(-) rename src/frame/middleware/{reload-tree.js => reload-tree.ts} (69%) diff --git a/src/content-render/scripts/all-documents/lib.ts b/src/content-render/scripts/all-documents/lib.ts index c7c188250d..dcd0c20a8b 100644 --- a/src/content-render/scripts/all-documents/lib.ts +++ b/src/content-render/scripts/all-documents/lib.ts 
@@ -1,3 +1,4 @@ +import type { Page } from '@/types' import contextualize from '@/frame/middleware/context/context.js' import features from '@/versions/middleware/features.js' import shortVersions from '@/versions/middleware/short-versions.js' @@ -19,24 +20,6 @@ export type AllDocument = { documents: Document[] } -type Permalink = { - languageCode: string - pageVersion: string - title: string - href: string -} - -type Page = { - permalinks: Permalink[] - fullPath: string - title: string - shortTitle?: string - intro: string - languageCode: string - documentType: string - renderProp: (prop: string, context: any, opts: any) => Promise -} - type Options = { languages: string[] versions: string[] diff --git a/src/data-directory/scripts/find-orphaned-features/find.ts b/src/data-directory/scripts/find-orphaned-features/find.ts index a03a7cd322..6c97cabc20 100644 --- a/src/data-directory/scripts/find-orphaned-features/find.ts +++ b/src/data-directory/scripts/find-orphaned-features/find.ts @@ -34,6 +34,7 @@ import path from 'path' import chalk from 'chalk' import { TokenizationError } from 'liquidjs' +import type { Page } from '@/types' import warmServer from '@/frame/lib/warm-server.js' import { getDeepDataByLanguage } from '@/data-directory/lib/get-data.js' import { getLiquidTokens } from '@/content-linter/lib/helpers/liquid-utils.js' @@ -51,22 +52,6 @@ type Options = { verbose?: boolean } -type Page = { - permalinks: Permalink[] - relativePath: string - fullPath: string - title: string - shortTitle?: string - intro: string - markdown: string - languageCode: string - versions: Record -} -type Permalink = { - href: string - languageCode: string -} - export async function find(options: Options) { const { sourceDirectory } = options if (process.env.ENABLED_LANGUAGES && process.env.ENABLED_LANGUAGES === 'en') { diff --git a/src/frame/lib/warm-server.d.ts b/src/frame/lib/warm-server.d.ts index c6943c71cb..1c262861e7 100644 --- a/src/frame/lib/warm-server.d.ts 
+++ b/src/frame/lib/warm-server.d.ts @@ -1,9 +1,3 @@ -type Site = { - pages: Record - redirects: Record - unversionedTree: Record - siteTree: Record - pageList: Page[] -} +import type { Site } from '@/types' export default function warmServer(languages: string[]): Promise diff --git a/src/frame/middleware/index.ts b/src/frame/middleware/index.ts index 9ce03c4387..54a2e2536c 100644 --- a/src/frame/middleware/index.ts +++ b/src/frame/middleware/index.ts @@ -18,7 +18,7 @@ import { import handleErrors from '@/observability/middleware/handle-errors' import handleNextDataPath from './handle-next-data-path' import detectLanguage from '@/languages/middleware/detect-language' -import reloadTree from './reload-tree.js' +import reloadTree from './reload-tree' import context from './context/context.js' import shortVersions from '@/versions/middleware/short-versions.js' import languageCodeRedirects from '@/redirects/middleware/language-code-redirects.js' diff --git a/src/frame/middleware/reload-tree.js b/src/frame/middleware/reload-tree.ts similarity index 69% rename from src/frame/middleware/reload-tree.js rename to src/frame/middleware/reload-tree.ts index 45ee53ce63..9a6afe9e92 100644 --- a/src/frame/middleware/reload-tree.js +++ b/src/frame/middleware/reload-tree.ts 
@@ -16,33 +16,37 @@ import path from 'path' -import languages, { languageKeys } from '#src/languages/lib/languages.js' -import createTree from '#src/frame/lib/create-tree.js' -import warmServer from '#src/frame/lib/warm-server.js' -import { loadSiteTree, loadPages, loadPageMap } from '#src/frame/lib/page-data.js' -import loadRedirects from '#src/redirects/lib/precompile.js' +import type { Response, NextFunction } from 'express' + +import type { ExtendedRequest, UnversionedTree, SiteTree } from '@/types' +import languages, { languageKeys } from '@/languages/lib/languages.js' +import createTree from '@/frame/lib/create-tree.js' +import warmServer from '@/frame/lib/warm-server.js' +import { loadSiteTree, loadPages, loadPageMap } from '@/frame/lib/page-data.js' +import loadRedirects from '@/redirects/lib/precompile.js' const languagePrefixRegex = new RegExp(`^/(${languageKeys.join('|')})(/|$)`) const englishPrefixRegex = /^\/en(\/|$)/ const isDev = process.env.NODE_ENV === 'development' -export default async function reloadTree(req, res, next) { +export default async function reloadTree(req: ExtendedRequest, res: Response, next: NextFunction) { if (!isDev) return next() // Filter out things like `/will/redirect` or `/_next/data/...` - if (!languagePrefixRegex.test(req.pagePath)) return next() + if (!req.pagePath || !languagePrefixRegex.test(req.pagePath)) return next() // We only bother if the loaded URL is something `/en/...` if (!englishPrefixRegex.test(req.pagePath)) return next() - const warmed = await warmServer() + const warmed = await warmServer([]) + // For all the real English content, this usually takes about 30-60ms on // an Intel MacBook Pro. const before = getMtimes(warmed.unversionedTree.en) - warmed.unversionedTree.en = await createTree( + warmed.unversionedTree.en = (await createTree( path.join(languages.en.dir, 'content'), undefined, warmed.unversionedTree.en, - ) + )) as UnversionedTree // Note! 
Have to use `as` until create-tree.js is JS const after = getMtimes(warmed.unversionedTree.en) // The next couple of operations are much slower (in total) than // refreshing the tree. So we want to know if the tree changed before @@ -50,9 +54,9 @@ export default async function reloadTree(req, res, next) { // If refreshing of the `.en` part of the `unversionedTree` takes 40ms // then the following operations takes about 140ms. if (before !== after) { - warmed.siteTree = await loadSiteTree(warmed.unversionedTree) + warmed.siteTree = (await loadSiteTree(warmed.unversionedTree)) as SiteTree warmed.pageList = await loadPages(warmed.unversionedTree) - warmed.pageMap = await loadPageMap(warmed.pageList) + warmed.pages = await loadPageMap(warmed.pageList) warmed.redirects = await loadRedirects(warmed.pageList) } @@ -63,7 +67,7 @@ export default async function reloadTree(req, res, next) { // in the tree. // You can use this to compute it before and after the tree is (maybe) // mutated and if the numbers *change* you can know the tree changed. -function getMtimes(tree) { +function getMtimes(tree: UnversionedTree) { let mtimes = tree.page.mtime for (const child of tree.childPages || []) { mtimes += getMtimes(child) diff --git a/src/languages/scripts/count-translation-corruptions.ts b/src/languages/scripts/count-translation-corruptions.ts index 8a7699bbc2..8260b2de95 100644 --- a/src/languages/scripts/count-translation-corruptions.ts +++ b/src/languages/scripts/count-translation-corruptions.ts @@ -8,7 +8,8 @@ import walk from 'walk-sync' import { getLiquidTokens } from '@/content-linter/lib/helpers/liquid-utils.js' import languages from '@/languages/lib/languages.js' -import warmServer, { type Site } from '@/frame/lib/warm-server.js' +import warmServer from '@/frame/lib/warm-server.js' +import type { Site } from '@/types' import { correctTranslatedContentStrings } from '@/languages/lib/correct-translation-content.js' program 
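Review bot: The comment added beside the `as UnversionedTree` cast reads "until create-tree.js is JS", which says the opposite of what is meant: that module is already JavaScript and the cast is waiting on its TypeScript port. I would write it as `// The cast is needed until create-tree.js is ported to TypeScript`. The `as SiteTree` cast on `loadSiteTree` in the next hunk (`@@ -50,9 +54,9 @@`) has no comment at all and deserves the same one-line explanation, since both assertions switch off checking of what those loaders actually return. The body of reloadTree continues past the end of this hunk.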
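Review bot: The assignment target changes from `warmed.pageMap` to `warmed.pages`, which alters what this middleware writes at runtime in a commit titled as a port, and nothing on the line says why. If the reason is that consumers read `site.pages` (validate-docs-urls.ts does so in this same patch), a comment such as `// Consumers read the page map from .pages, so refresh that property` would record it. `Site` in src/types.ts still declares a required `pageMap`, so the type keeps advertising a property this code no longer refreshes; presumably it should be dropped or made optional there. The enclosing reloadTree starts in the previous hunk and ends outside this one.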
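Review bot: `getMtimes` is recursive and has no declared return type, so its result is whatever the checker infers from `tree.page.mtime`; I would pin it with `function getMtimes(tree: UnversionedTree): number {`. The `tree.childPages || []` fallback on the loop line also disagrees with `UnversionedTree` in src/types.ts, where `childPages` is required: either the fallback is dead code or the type should read `childPages?: UnversionedTree[]`. The function body continues outside the hunk.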
@@ -17,16 +18,6 @@ program .action(main) program.parse(process.argv) -type Page = { - relativePath: string - fullPath: string - title: string - shortTitle?: string - intro: string - markdown: string - languageCode: string -} - type Reusables = Map async function main(languageCodes: string[]) { @@ -80,7 +71,7 @@ function run(languageCode: string, site: Site, englishReusables: Reusables) { console.log(`--- Tallying liquid corruptions in ${languageCode} (${language.name}) ---`) - const pageList: Page[] = site.pageList + const pageList = site.pageList const errors = new Map() const wheres = new Map() const illegalTags = new Map() diff --git a/src/links/lib/validate-docs-urls.ts b/src/links/lib/validate-docs-urls.ts index 283086b50c..d9319bd85b 100644 --- a/src/links/lib/validate-docs-urls.ts +++ b/src/links/lib/validate-docs-urls.ts @@ -8,25 +8,16 @@ import features from '@/versions/middleware/features.js' import findPage from '@/frame/middleware/find-page.js' import { createMinimalProcessor } from '@/content-render/unified/processor.js' import getRedirect from '@/redirects/lib/get-redirect.js' +import type { Page } from '@/types' export type DocsUrls = { [identifier: string]: string } -type Page = { - permalinks: Permalink[] - relativePath: string - rawIntro: string - rawPermissions?: string - markdown: string -} type Permalink = { href: string languageCode: string } -type PageMap = { - [href: string]: Page -} type Redirects = { [from: string]: string } @@ -48,7 +39,7 @@ export type Check = { export async function validateDocsUrl(docsUrls: DocsUrls, { checkFragments = false } = {}) { const site = await warmServer(['en']) - const pages: PageMap = site.pages + const pages = site.pages const redirects: Redirects = site.redirects const checks: Check[] = [] diff --git a/src/types.ts b/src/types.ts index 84ae6467c5..9795070660 100644 --- a/src/types.ts +++ b/src/types.ts 
@@ -26,3 +26,64 @@ type Language = { export type Languages = { [key: string]: Language } + +type Permalink = { + languageCode: string + pageVersion: string + title: string + href: string +} + +type Versions = { + feature?: string + fpt?: string + ghec?: string + ghes?: string +} + +export type Page = { + mtime: number + permalinks: Permalink[] + fullPath: string + title: string + shortTitle?: string + intro: string + languageCode: string + documentType: string + renderProp: (prop: string, context: any, opts: any) => Promise + markdown: string + versions: Versions +} + +export type Tree = { + page: Page + children: string[] | undefined + href: string + childPages?: Tree[] +} +export type VersionedTree = { + [version: string]: Tree +} + +export type SiteTree = { + [languageCode: string]: VersionedTree +} + +export type UnversionedTree = { + page: Page + children: string[] + childPages: UnversionedTree[] +} + +export type UnversionLanguageTree = { + [languageCode: string]: UnversionedTree +} + +export type Site = { + pages: Record + redirects: Record + unversionedTree: UnversionLanguageTree + siteTree: SiteTree + pageList: Page[] + pageMap: Record +}
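Review bot: The shared `Page` type omits `relativePath`, `rawIntro` and `rawPermissions`, fields that the local `Page` declarations deleted elsewhere in this patch carried (`relativePath` in find.ts and count-translation-corruptions.ts, all three in validate-docs-urls.ts). Whether those scripts still read the fields is not visible here, but if they do, the access no longer type-checks against the shared type. Adding `relativePath: string`, `rawIntro: string` and `rawPermissions?: string` would keep the merged type a superset of what it replaces. Separately, `renderProp` is now exported with `context: any, opts: any`; `unknown` or a named options type would stop `any` from leaking into every importer of `Page`.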