Add CallGraphFromTo queries for all supported languages

- Add CallGraphFromTo.ql for cpp, csharp, go, java, javascript, python, ruby, swift
- Each query supports sourceFunction and targetFunction external predicates
- Include documentation (.md) and test suites with expected outputs
- Update QL pack dependencies to latest versions
- Fix go PrintAST query for compatibility with v2.25.0
- Fix java PrintCFG query for compatibility with v2.25.0

Closes #164

Author: data-douser

server/ql/cpp/tools/src/CallGraphFromTo/CallGraphFromTo.md

@@ -0,0 +1,47 @@
+# CallGraphFromTo for C++
+
+Displays calls on reachable paths from a source function to a target function, showing transitive call graph connectivity.
+
+## Overview
+
+This query identifies all function calls that lie on any transitive call path from a specified source function to a specified target function. Given both a source and target function name, it reports each call site along the connecting paths, which is useful for understanding indirect call chains, security-relevant data flow paths, and function reachability.
+
+The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts function names via external predicates (`sourceFunction` and `targetFunction`) and supports both simple and qualified name matching.
+
+## Use Cases
+
+This query is primarily used for:
+
+- Determining if a call path exists between two functions
+- Mapping indirect call chains from a source to a target function
+- Analyzing security-relevant paths (e.g., from user input handlers to sensitive operations)
+- Understanding transitive dependencies between functions
+
+## Example
+
+The following C++ code demonstrates a transitive call chain from `source` through `intermediate` to `target`:
+
+```cpp
+void target() {}
+
+void intermediate() {
+    target();
+}
+
+void source() {
+    intermediate();
+}
+```
+
+Running with `sourceFunction = "source"` and `targetFunction = "target"` produces results showing each call site on the path with the message pattern ``Reachable call from `source`to`intermediate```.
+
+## Output Format
+
+The query is a `@kind problem` query producing rows of:
+
+- ``select call, "Reachable call from `caller` to `callee`"``
+
+## References
+
+- [C++ Functions](https://en.cppreference.com/w/cpp/language/functions)
+- [CodeQL Call Graph Analysis](https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/)

server/ql/cpp/tools/src/CallGraphFromTo/CallGraphFromTo.ql

@@ -0,0 +1,92 @@
+/**
+ * @name Call Graph From To for cpp
+ * @description Displays calls on reachable paths from a source function to a target function, showing transitive call graph connectivity.
+ * @id cpp/tools/call-graph-from-to
+ * @kind problem
+ * @problem.severity recommendation
+ * @tags call-graph
+ */
+
+import cpp
+
+/**
+ * Gets the source function name for call graph reachability analysis.
+ * Can be a single function name or comma-separated list of function names.
+ */
+external string sourceFunction();
+
+/**
+ * Gets the target function name for call graph reachability analysis.
+ * Can be a single function name or comma-separated list of function names.
+ */
+external string targetFunction();
+
+/**
+ * Gets a single source function name from the comma-separated list.
+ */
+string getSourceFunctionName() { result = sourceFunction().splitAt(",").trim() }
+
+/**
+ * Gets a single target function name from the comma-separated list.
+ */
+string getTargetFunctionName() { result = targetFunction().splitAt(",").trim() }
+
+/**
+ * Gets a function by matching against the selected source function names.
+ */
+Function getSourceFunction() {
+  exists(string selectedFunc |
+    selectedFunc = getSourceFunctionName() and
+    (
+      // Match by exact function name
+      result.getName() = selectedFunc or
+      // Match by qualified name
+      result.getQualifiedName() = selectedFunc
+    )
+  )
+}
+
+/**
+ * Gets a function by matching against the selected target function names.
+ */
+Function getTargetFunction() {
+  exists(string selectedFunc |
+    selectedFunc = getTargetFunctionName() and
+    (
+      // Match by exact function name
+      result.getName() = selectedFunc or
+      // Match by qualified name
+      result.getQualifiedName() = selectedFunc
+    )
+  )
+}
+
+/**
+ * Holds if function `caller` directly calls function `callee`.
+ */
+predicate calls(Function caller_, Function callee_) {
+  exists(FunctionCall c | c.getEnclosingFunction() = caller_ and c.getTarget() = callee_)
+}
+
+from FunctionCall call, Function caller, Function callee
+where
+  call.getTarget() = callee and
+  call.getEnclosingFunction() = caller and
+  (
+    // Use external predicates if available: show calls on paths from source to target
+    exists(Function source, Function target |
+      source = getSourceFunction() and
+      target = getTargetFunction() and
+      calls*(source, caller) and
+      calls*(callee, target)
+    )
+    or
+    // Fallback for unit tests: include test files
+    (
+      not exists(getSourceFunctionName()) and
+      not exists(getTargetFunctionName()) and
+      caller.getFile().getParentContainer().getParentContainer().getBaseName() = "test"
+    )
+  )
+select call,
+  "Reachable call from `" + caller.getQualifiedName() + "` to `" + callee.getQualifiedName() + "`"

server/ql/cpp/tools/src/codeql-pack.lock.yml

@@ -2,27 +2,27 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/controlflow:
-    version: 2.0.25
+    version: 2.0.28
   codeql/cpp-all:
-    version: 7.1.0
+    version: 8.0.1
   codeql/dataflow:
-    version: 2.0.25
+    version: 2.1.0
   codeql/mad:
-    version: 1.0.41
+    version: 1.0.44
   codeql/quantum:
-    version: 0.0.19
+    version: 0.0.22
   codeql/rangeanalysis:
-    version: 1.0.41
+    version: 1.0.44
   codeql/ssa:
-    version: 2.0.17
+    version: 2.0.20
   codeql/tutorial:
-    version: 1.0.41
+    version: 1.0.44
   codeql/typeflow:
-    version: 1.0.41
+    version: 1.0.44
   codeql/typetracking:
-    version: 2.0.25
-  codeql/util:
     version: 2.0.28
+  codeql/util:
+    version: 2.0.31
   codeql/xml:
-    version: 1.0.41
+    version: 1.0.44
 compiled: false

server/ql/cpp/tools/src/codeql-pack.yml

@@ -3,4 +3,4 @@ version: 2.25.0
 description: 'Queries for codeql-development-mcp-server tools for cpp language'
 library: false
 dependencies:
-  codeql/cpp-all: 7.1.0
+  codeql/cpp-all: 8.0.1

server/ql/cpp/tools/test/CallGraphFromTo/CallGraphFromTo.expected

@@ -0,0 +1,3 @@
+| Example1.cpp:6:5:6:13 | call to unrelated | Reachable call from `target` to `unrelated` |
+| Example1.cpp:10:5:10:10 | call to target | Reachable call from `intermediate` to `target` |
+| Example1.cpp:14:5:14:16 | call to intermediate | Reachable call from `source` to `intermediate` |

server/ql/cpp/tools/test/CallGraphFromTo/CallGraphFromTo.qlref

@@ -0,0 +1 @@
+CallGraphFromTo/CallGraphFromTo.ql

server/ql/cpp/tools/test/CallGraphFromTo/Example1.cpp

@@ -0,0 +1,15 @@
+void unrelated() {
+    // No calls
+}
+
+void target() {
+    unrelated();
+}
+
+void intermediate() {
+    target();
+}
+
+void source() {
+    intermediate();
+}

server/ql/cpp/tools/test/codeql-pack.lock.yml

@@ -2,27 +2,27 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/controlflow:
-    version: 2.0.25
+    version: 2.0.28
   codeql/cpp-all:
-    version: 7.1.0
+    version: 8.0.1
   codeql/dataflow:
-    version: 2.0.25
+    version: 2.1.0
   codeql/mad:
-    version: 1.0.41
+    version: 1.0.44
   codeql/quantum:
-    version: 0.0.19
+    version: 0.0.22
   codeql/rangeanalysis:
-    version: 1.0.41
+    version: 1.0.44
   codeql/ssa:
-    version: 2.0.17
+    version: 2.0.20
   codeql/tutorial:
-    version: 1.0.41
+    version: 1.0.44
   codeql/typeflow:
-    version: 1.0.41
+    version: 1.0.44
   codeql/typetracking:
-    version: 2.0.25
-  codeql/util:
     version: 2.0.28
+  codeql/util:
+    version: 2.0.31
   codeql/xml:
-    version: 1.0.41
+    version: 1.0.44
 compiled: false

server/ql/csharp/tools/src/CallGraphFromTo/CallGraphFromTo.md

@@ -0,0 +1,49 @@
+# CallGraphFromTo for `csharp` Source Files
+
+Displays calls on reachable paths from a source method to a target method, showing transitive call graph connectivity.
+
+## Overview
+
+This query identifies all method calls that lie on any transitive call path from a specified source method to a specified target method. Given both a source and target method name, it reports each call site along the connecting paths, which is useful for understanding indirect call chains, security-relevant data flow paths, and method reachability.
+
+The query uses transitive closure (`calls*`) to determine reachability, then reports only the direct call sites that contribute to paths between the source and target. It accepts method names via external predicates (`sourceFunction` and `targetFunction`).
+
+## Use Cases
+
+This query is primarily used for:
+
+- Determining if a call path exists between two methods
+- Mapping indirect call chains from a source to a target method
+- Analyzing security-relevant paths (e.g., from user input handlers to sensitive operations)
+- Understanding transitive dependencies between methods
+
+## Example
+
+The following C# code demonstrates a transitive call chain from `Source` through `Intermediate` to `Target`:
+
+```csharp
+class Example {
+    void Target() {}
+
+    void Intermediate() {
+        Target();
+    }
+
+    void Source() {
+        Intermediate();
+    }
+}
+```
+
+Running with `sourceFunction = "Source"` and `targetFunction = "Target"` produces results showing each call site on the path with the message pattern ``Reachable call from `Source`to`Intermediate```.
+
+## Output Format
+
+The query is a `@kind problem` query producing rows of:
+
+- ``select call, "Reachable call from `caller` to `callee`"``
+
+## References
+
+- [C# Methods](https://learn.microsoft.com/en-us/dotnet/csharp/programming-guide/classes-and-structs/methods)
+- [CodeQL Call Graph Analysis](https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/)

server/ql/csharp/tools/src/CallGraphFromTo/CallGraphFromTo.ql

@@ -0,0 +1,82 @@
+/**
+ * @name Call Graph From To for csharp
+ * @description Displays calls on reachable paths from a source method to a target method, showing transitive call graph connectivity.
+ * @id csharp/tools/call-graph-from-to
+ * @kind problem
+ * @problem.severity recommendation
+ * @tags call-graph
+ */
+
+import csharp
+
+/**
+ * Gets the source method name for call graph reachability analysis.
+ * Can be a single method name or comma-separated list of method names.
+ */
+external string sourceFunction();
+
+/**
+ * Gets the target method name for call graph reachability analysis.
+ * Can be a single method name or comma-separated list of method names.
+ */
+external string targetFunction();
+
+/**
+ * Gets a single source method name from the comma-separated list.
+ */
+string getSourceFunctionName() { result = sourceFunction().splitAt(",").trim() }
+
+/**
+ * Gets a single target method name from the comma-separated list.
+ */
+string getTargetFunctionName() { result = targetFunction().splitAt(",").trim() }
+
+/**
+ * Gets a method by matching against the selected source method names.
+ */
+Callable getSourceFunction() {
+  exists(string selectedFunc |
+    selectedFunc = getSourceFunctionName() and
+    result.getName() = selectedFunc
+  )
+}
+
+/**
+ * Gets a method by matching against the selected target method names.
+ */
+Callable getTargetFunction() {
+  exists(string selectedFunc |
+    selectedFunc = getTargetFunctionName() and
+    result.getName() = selectedFunc
+  )
+}
+
+/**
+ * Holds if callable `caller` directly calls callable `callee`.
+ */
+predicate calls(Callable caller_, Callable callee_) {
+  exists(Call c | c.getEnclosingCallable() = caller_ and c.getTarget() = callee_)
+}
+
+from Call call, Callable caller, Callable callee
+where
+  call.getEnclosingCallable() = caller and
+  call.getTarget() = callee and
+  (
+    // Use external predicates if available: show calls on paths from source to target
+    exists(Callable source, Callable target |
+      source = getSourceFunction() and
+      target = getTargetFunction() and
+      calls*(source, caller) and
+      calls*(callee, target)
+    )
+    or
+    // Fallback for unit tests: include test files
+    (
+      not exists(getSourceFunctionName()) and
+      not exists(getTargetFunctionName()) and
+      caller.getFile().getParentContainer().getParentContainer().getBaseName() = "test"
+    )
+  )
+select call,
+  "Reachable call from `" + caller.getName() + "` to `" + callee.getName() + "`"