Merge branch 'main' of https://github.com/github/codeql into python/captured-variables-for-typetracking

2026-05-05 13:45:19 +02:00 · 2023-04-25 14:07:11 +02:00
parent a25c7f7549 b35637e1c5
commit 141c5af30e
37 changed files with 895 additions and 367 deletions
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlow.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlow.qll
@@ -361,3 +361,52 @@ module MergePathGraph<
    }
  }
 }
+
+/**
+ * Constructs a `PathGraph` from three `PathGraph`s by disjoint union.
+ */
+module MergePathGraph3<
+  PathNodeSig PathNode1, PathNodeSig PathNode2, PathNodeSig PathNode3,
+  PathGraphSig<PathNode1> Graph1, PathGraphSig<PathNode2> Graph2, PathGraphSig<PathNode3> Graph3>
+{
+  private module MergedInner = MergePathGraph<PathNode1, PathNode2, Graph1, Graph2>;
+
+  private module Merged =
+    MergePathGraph<MergedInner::PathNode, PathNode3, MergedInner::PathGraph, Graph3>;
+
+  /** A node in a graph of path explanations that is formed by disjoint union of the three given graphs. */
+  class PathNode instanceof Merged::PathNode {
+    /** Gets this as a projection on the first given `PathGraph`. */
+    PathNode1 asPathNode1() { result = super.asPathNode1().asPathNode1() }
+
+    /** Gets this as a projection on the second given `PathGraph`. */
+    PathNode2 asPathNode2() { result = super.asPathNode1().asPathNode2() }
+
+    /** Gets this as a projection on the third given `PathGraph`. */
+    PathNode3 asPathNode3() { result = super.asPathNode2() }
+
+    /** Gets a textual representation of this element. */
+    string toString() { result = super.toString() }
+
+    /**
+     * Holds if this element is at the specified location.
+     * The location spans column `startcolumn` of line `startline` to
+     * column `endcolumn` of line `endline` in file `filepath`.
+     * For more information, see
+     * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+     */
+    predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      super.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
+
+    /** Gets the underlying `Node`. */
+    Node getNode() { result = super.getNode() }
+  }
+
+  /**
+   * Provides the query predicates needed to include a graph in a path-problem query.
+   */
+  module PathGraph = Merged::PathGraph;
+}
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlow.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlow.qll
@@ -361,3 +361,52 @@ module MergePathGraph<
    }
  }
 }
+
+/**
+ * Constructs a `PathGraph` from three `PathGraph`s by disjoint union.
+ */
+module MergePathGraph3<
+  PathNodeSig PathNode1, PathNodeSig PathNode2, PathNodeSig PathNode3,
+  PathGraphSig<PathNode1> Graph1, PathGraphSig<PathNode2> Graph2, PathGraphSig<PathNode3> Graph3>
+{
+  private module MergedInner = MergePathGraph<PathNode1, PathNode2, Graph1, Graph2>;
+
+  private module Merged =
+    MergePathGraph<MergedInner::PathNode, PathNode3, MergedInner::PathGraph, Graph3>;
+
+  /** A node in a graph of path explanations that is formed by disjoint union of the three given graphs. */
+  class PathNode instanceof Merged::PathNode {
+    /** Gets this as a projection on the first given `PathGraph`. */
+    PathNode1 asPathNode1() { result = super.asPathNode1().asPathNode1() }
+
+    /** Gets this as a projection on the second given `PathGraph`. */
+    PathNode2 asPathNode2() { result = super.asPathNode1().asPathNode2() }
+
+    /** Gets this as a projection on the third given `PathGraph`. */
+    PathNode3 asPathNode3() { result = super.asPathNode2() }
+
+    /** Gets a textual representation of this element. */
+    string toString() { result = super.toString() }
+
+    /**
+     * Holds if this element is at the specified location.
+     * The location spans column `startcolumn` of line `startline` to
+     * column `endcolumn` of line `endline` in file `filepath`.
+     * For more information, see
+     * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+     */
+    predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      super.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
+
+    /** Gets the underlying `Node`. */
+    Node getNode() { result = super.getNode() }
+  }
+
+  /**
+   * Provides the query predicates needed to include a graph in a path-problem query.
+   */
+  module PathGraph = Merged::PathGraph;
+}
--- a/csharp/ql/lib/ext/System.IO.model.yml
+++ b/csharp/ql/lib/ext/System.IO.model.yml
@@ -4,6 +4,23 @@ extensions:
      extensible: sourceModel
    data:
      - ["System.IO", "FileStream", False, "FileStream", "", "", "Argument[this]", "file", "manual"]
+      - ["System.IO", "FileStream", False, "FileStream", "", "", "Argument[this]", "file-write", "manual"]
+      - ["System.IO", "StreamWriter", False, "StreamWriter", "(System.String)", "", "Argument[this]", "file-write", "manual"]
+      - ["System.IO", "StreamWriter", False, "StreamWriter", "(System.String,System.Boolean)", "", "Argument[this]", "file-write", "manual"]
+      - ["System.IO", "StreamWriter", False, "StreamWriter", "(System.String,System.Boolean,System.Text.Encoding)", "", "Argument[this]", "file-write", "manual"]
+      - ["System.IO", "StreamWriter", False, "StreamWriter", "(System.String,System.Boolean,System.Text.Encoding,System.Int32)", "", "Argument[this]", "file-write", "manual"]
+      - ["System.IO", "StreamWriter", False, "StreamWriter", "(System.String,System.Text.Encoding,System.IO.FileStreamOptions)", "", "Argument[this]", "file-write", "manual"]
+      - ["System.IO", "StreamWriter", False, "StreamWriter", "(System.String,System.IO.FileStreamOptions)", "", "Argument[this]", "file-write", "manual"]
+      - ["System.IO", "File", False, "Open", "", "", "ReturnValue", "file-write", "manual"]
+      - ["System.IO", "File", False, "OpenWrite", "", "", "ReturnValue", "file-write", "manual"]
+      - ["System.IO", "File", False, "Create", "", "", "ReturnValue", "file-write", "manual"]
+      - ["System.IO", "File", False, "CreateText", "", "", "ReturnValue", "file-write", "manual"]
+      - ["System.IO", "File", False, "AppendText", "", "", "ReturnValue", "file-write", "manual"]
+      - ["System.IO", "FileInfo", False, "Open", "", "", "ReturnValue", "file-write", "manual"]
+      - ["System.IO", "FileInfo", False, "OpenWrite", "", "", "ReturnValue", "file-write", "manual"]
+      - ["System.IO", "FileInfo", False, "Create", "", "", "ReturnValue", "file-write", "manual"]
+      - ["System.IO", "FileInfo", False, "CreateText", "", "", "ReturnValue", "file-write", "manual"]
+      - ["System.IO", "FileInfo", False, "AppendText", "", "", "ReturnValue", "file-write", "manual"]
  - addsTo:
      pack: codeql/csharp-all
      extensible: summaryModel
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll
@@ -215,7 +215,7 @@ module ModelValidation {
    )
    or
    exists(string kind | sourceModel(_, _, _, _, _, _, _, kind, _) |
-      not kind = ["local", "remote", "file"] and
+      not kind = ["local", "remote", "file", "file-write"] and
      result = "Invalid kind \"" + kind + "\" in source model."
    )
  }
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlow.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlow.qll
@@ -361,3 +361,52 @@ module MergePathGraph<
    }
  }
 }
+
+/**
+ * Constructs a `PathGraph` from three `PathGraph`s by disjoint union.
+ */
+module MergePathGraph3<
+  PathNodeSig PathNode1, PathNodeSig PathNode2, PathNodeSig PathNode3,
+  PathGraphSig<PathNode1> Graph1, PathGraphSig<PathNode2> Graph2, PathGraphSig<PathNode3> Graph3>
+{
+  private module MergedInner = MergePathGraph<PathNode1, PathNode2, Graph1, Graph2>;
+
+  private module Merged =
+    MergePathGraph<MergedInner::PathNode, PathNode3, MergedInner::PathGraph, Graph3>;
+
+  /** A node in a graph of path explanations that is formed by disjoint union of the three given graphs. */
+  class PathNode instanceof Merged::PathNode {
+    /** Gets this as a projection on the first given `PathGraph`. */
+    PathNode1 asPathNode1() { result = super.asPathNode1().asPathNode1() }
+
+    /** Gets this as a projection on the second given `PathGraph`. */
+    PathNode2 asPathNode2() { result = super.asPathNode1().asPathNode2() }
+
+    /** Gets this as a projection on the third given `PathGraph`. */
+    PathNode3 asPathNode3() { result = super.asPathNode2() }
+
+    /** Gets a textual representation of this element. */
+    string toString() { result = super.toString() }
+
+    /**
+     * Holds if this element is at the specified location.
+     * The location spans column `startcolumn` of line `startline` to
+     * column `endcolumn` of line `endline` in file `filepath`.
+     * For more information, see
+     * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+     */
+    predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      super.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
+
+    /** Gets the underlying `Node`. */
+    Node getNode() { result = super.getNode() }
+  }
+
+  /**
+   * Provides the query predicates needed to include a graph in a path-problem query.
+   */
+  module PathGraph = Merged::PathGraph;
+}
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/ExternalLocationSink.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/ExternalLocationSink.qll
@@ -6,6 +6,7 @@ import csharp
 private import Remote
 private import semmle.code.csharp.commons.Loggers
 private import semmle.code.csharp.frameworks.system.Web
+private import semmle.code.csharp.frameworks.system.IO
 private import semmle.code.csharp.dataflow.ExternalFlow

 /**
@@ -63,3 +64,56 @@ class CookieStorageSink extends ExternalLocationSink, RemoteFlowSink {
    )
  }
 }
+
+private predicate isFileWriteCall(Expr stream, Expr data) {
+  exists(MethodCall mc, Method m | mc.getTarget() = m.getAnOverrider*() |
+    m.hasQualifiedName("System.IO", "Stream", ["Write", "WriteAsync"]) and
+    stream = mc.getQualifier() and
+    data = mc.getArgument(0)
+    or
+    m.hasQualifiedName("System.IO", "TextWriter",
+      ["Write", "WriteAsync", "WriteLine", "WriteLineAsync"]) and
+    stream = mc.getQualifier() and
+    data = mc.getArgument(0)
+    or
+    m.hasQualifiedName("System.Xml.Linq", "XDocument", ["Save", "SaveAsync"]) and
+    data = mc.getQualifier() and
+    stream = mc.getArgument(0)
+  )
+}
+
+/** A configuration for tracking flow from calls that open a file in write mode to methods that write to that file, excluding encrypted streams. */
+private module LocalFileOutputStreamConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node src) { sourceNode(src, "file-write") }
+
+  predicate isSink(DataFlow::Node sink) { isFileWriteCall(sink.asExpr(), _) }
+
+  predicate isBarrier(DataFlow::Node node) {
+    node.asExpr()
+        .(ObjectCreation)
+        .getObjectType()
+        .hasQualifiedName("System.Security.Cryptography", "CryptoStream")
+  }
+
+  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
+    exists(ObjectCreation oc |
+      node2.asExpr() = oc and
+      node1.asExpr() = oc.getArgument(0) and
+      oc.getObjectType() instanceof SystemIOStreamWriterClass
+    )
+  }
+}
+
+private module LocalFileOutputStreamFlow = DataFlow::Global<LocalFileOutputStreamConfig>;
+
+/**
+ * A write to the local filesystem.
+ */
+class LocalFileOutputSink extends ExternalLocationSink {
+  LocalFileOutputSink() {
+    exists(DataFlow::Node streamSink |
+      LocalFileOutputStreamFlow::flowTo(streamSink) and
+      isFileWriteCall(streamSink.asExpr(), this.asExpr())
+    )
+  }
+}
--- a/csharp/ql/src/change-notes/2023-04-05-external-location-sinks.md
+++ b/csharp/ql/src/change-notes/2023-04-05-external-location-sinks.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Additional sinks modelling writes to unencrypted local files have been added to `ExternalLocationSink`, used by the `cs/cleartext-storage` and `cs/exposure-of-sensitive-information` queries.
--- a/Features/CWE-312/CleartextStorage.cs
+++ b/Features/CWE-312/CleartextStorage.cs
@@ -2,6 +2,8 @@ using System.Text;
 using System.Web;
 using System.Web.Security;
 using System.Windows.Forms;
+using System.IO;
+using System.Security.Cryptography;

 public class ClearTextStorageHandler : IHttpHandler
 {
@@ -24,6 +26,22 @@ public class ClearTextStorageHandler : IHttpHandler
        logger.Warn(GetPassword());
        // GOOD: Logging encrypted sensitive data
        logger.Warn(Encode(GetPassword(), "Password"));
+
+        // BAD: Storing sensitive data in local file 
+        using (var writeStream = File.Open("passwords.txt", FileMode.Create))
+        {
+            var writer = new StreamWriter(writeStream);
+            writer.Write(GetPassword());
+            writer.Close();
+        }
+
+        // GOOD: Storing encrypted sensitive data
+        using (var writeStream = File.Open("passwords.txt", FileMode.Create))
+        {
+            var writer = new StreamWriter(new CryptoStream(writeStream, GetEncryptor(), CryptoStreamMode.Write));
+            writer.Write(GetPassword());
+            writer.Close();
+        }
    }

    public string Encode(string value, string type)
@@ -31,6 +49,10 @@ public class ClearTextStorageHandler : IHttpHandler
        return Encoding.UTF8.GetString(MachineKey.Protect(Encoding.UTF8.GetBytes(value), type));
    }

+    public ICryptoTransform GetEncryptor(){
+        return null;
+    }
+
    public string GetPassword()
    {
        return "password";
--- a/Features/CWE-312/CleartextStorage.expected
+++ b/Features/CWE-312/CleartextStorage.expected
@@ -1,20 +1,22 @@
 edges
 nodes
-| CleartextStorage.cs:13:50:13:59 | access to field accountKey | semmle.label | access to field accountKey |
-| CleartextStorage.cs:14:62:14:74 | call to method GetPassword | semmle.label | call to method GetPassword |
-| CleartextStorage.cs:15:69:15:81 | call to method GetPassword | semmle.label | call to method GetPassword |
-| CleartextStorage.cs:16:50:16:63 | call to method GetAccountID | semmle.label | call to method GetAccountID |
-| CleartextStorage.cs:24:21:24:33 | call to method GetPassword | semmle.label | call to method GetPassword |
-| CleartextStorage.cs:72:21:72:33 | access to property Text | semmle.label | access to property Text |
-| CleartextStorage.cs:73:21:73:29 | access to property Text | semmle.label | access to property Text |
-| CleartextStorage.cs:74:21:74:29 | access to property Text | semmle.label | access to property Text |
+| CleartextStorage.cs:15:50:15:59 | access to field accountKey | semmle.label | access to field accountKey |
+| CleartextStorage.cs:16:62:16:74 | call to method GetPassword | semmle.label | call to method GetPassword |
+| CleartextStorage.cs:17:69:17:81 | call to method GetPassword | semmle.label | call to method GetPassword |
+| CleartextStorage.cs:18:50:18:63 | call to method GetAccountID | semmle.label | call to method GetAccountID |
+| CleartextStorage.cs:26:21:26:33 | call to method GetPassword | semmle.label | call to method GetPassword |
+| CleartextStorage.cs:34:26:34:38 | call to method GetPassword | semmle.label | call to method GetPassword |
+| CleartextStorage.cs:94:21:94:33 | access to property Text | semmle.label | access to property Text |
+| CleartextStorage.cs:95:21:95:29 | access to property Text | semmle.label | access to property Text |
+| CleartextStorage.cs:96:21:96:29 | access to property Text | semmle.label | access to property Text |
 subpaths
 #select
-| CleartextStorage.cs:13:50:13:59 | access to field accountKey | CleartextStorage.cs:13:50:13:59 | access to field accountKey | CleartextStorage.cs:13:50:13:59 | access to field accountKey | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:13:50:13:59 | access to field accountKey | access to field accountKey |
-| CleartextStorage.cs:14:62:14:74 | call to method GetPassword | CleartextStorage.cs:14:62:14:74 | call to method GetPassword | CleartextStorage.cs:14:62:14:74 | call to method GetPassword | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:14:62:14:74 | call to method GetPassword | call to method GetPassword |
-| CleartextStorage.cs:15:69:15:81 | call to method GetPassword | CleartextStorage.cs:15:69:15:81 | call to method GetPassword | CleartextStorage.cs:15:69:15:81 | call to method GetPassword | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:15:69:15:81 | call to method GetPassword | call to method GetPassword |
-| CleartextStorage.cs:16:50:16:63 | call to method GetAccountID | CleartextStorage.cs:16:50:16:63 | call to method GetAccountID | CleartextStorage.cs:16:50:16:63 | call to method GetAccountID | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:16:50:16:63 | call to method GetAccountID | call to method GetAccountID |
-| CleartextStorage.cs:24:21:24:33 | call to method GetPassword | CleartextStorage.cs:24:21:24:33 | call to method GetPassword | CleartextStorage.cs:24:21:24:33 | call to method GetPassword | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:24:21:24:33 | call to method GetPassword | call to method GetPassword |
-| CleartextStorage.cs:72:21:72:33 | access to property Text | CleartextStorage.cs:72:21:72:33 | access to property Text | CleartextStorage.cs:72:21:72:33 | access to property Text | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:72:21:72:33 | access to property Text | access to property Text |
-| CleartextStorage.cs:73:21:73:29 | access to property Text | CleartextStorage.cs:73:21:73:29 | access to property Text | CleartextStorage.cs:73:21:73:29 | access to property Text | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:73:21:73:29 | access to property Text | access to property Text |
-| CleartextStorage.cs:74:21:74:29 | access to property Text | CleartextStorage.cs:74:21:74:29 | access to property Text | CleartextStorage.cs:74:21:74:29 | access to property Text | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:74:21:74:29 | access to property Text | access to property Text |
+| CleartextStorage.cs:15:50:15:59 | access to field accountKey | CleartextStorage.cs:15:50:15:59 | access to field accountKey | CleartextStorage.cs:15:50:15:59 | access to field accountKey | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:15:50:15:59 | access to field accountKey | access to field accountKey |
+| CleartextStorage.cs:16:62:16:74 | call to method GetPassword | CleartextStorage.cs:16:62:16:74 | call to method GetPassword | CleartextStorage.cs:16:62:16:74 | call to method GetPassword | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:16:62:16:74 | call to method GetPassword | call to method GetPassword |
+| CleartextStorage.cs:17:69:17:81 | call to method GetPassword | CleartextStorage.cs:17:69:17:81 | call to method GetPassword | CleartextStorage.cs:17:69:17:81 | call to method GetPassword | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:17:69:17:81 | call to method GetPassword | call to method GetPassword |
+| CleartextStorage.cs:18:50:18:63 | call to method GetAccountID | CleartextStorage.cs:18:50:18:63 | call to method GetAccountID | CleartextStorage.cs:18:50:18:63 | call to method GetAccountID | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:18:50:18:63 | call to method GetAccountID | call to method GetAccountID |
+| CleartextStorage.cs:26:21:26:33 | call to method GetPassword | CleartextStorage.cs:26:21:26:33 | call to method GetPassword | CleartextStorage.cs:26:21:26:33 | call to method GetPassword | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:26:21:26:33 | call to method GetPassword | call to method GetPassword |
+| CleartextStorage.cs:34:26:34:38 | call to method GetPassword | CleartextStorage.cs:34:26:34:38 | call to method GetPassword | CleartextStorage.cs:34:26:34:38 | call to method GetPassword | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:34:26:34:38 | call to method GetPassword | call to method GetPassword |
+| CleartextStorage.cs:94:21:94:33 | access to property Text | CleartextStorage.cs:94:21:94:33 | access to property Text | CleartextStorage.cs:94:21:94:33 | access to property Text | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:94:21:94:33 | access to property Text | access to property Text |
+| CleartextStorage.cs:95:21:95:29 | access to property Text | CleartextStorage.cs:95:21:95:29 | access to property Text | CleartextStorage.cs:95:21:95:29 | access to property Text | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:95:21:95:29 | access to property Text | access to property Text |
+| CleartextStorage.cs:96:21:96:29 | access to property Text | CleartextStorage.cs:96:21:96:29 | access to property Text | CleartextStorage.cs:96:21:96:29 | access to property Text | This stores sensitive data returned by $@ as clear text. | CleartextStorage.cs:96:21:96:29 | access to property Text | access to property Text |
--- a/csharp/ql/test/query-tests/Security
+++ b/csharp/ql/test/query-tests/Security
@@ -1 +1 @@
-semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll {testdir}/../../../../resources/stubs/System.Windows.cs
+semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll /r:System.Security.Cryptography.dll {testdir}/../../../../resources/stubs/System.Windows.cs
--- a/Features/CWE-359/ExposureOfPrivateInformation.cs
+++ b/Features/CWE-359/ExposureOfPrivateInformation.cs
@@ -1,4 +1,6 @@
 using System.Web;
+using System.Security.Cryptography; 
+using System.IO;

 public class Person
 {
@@ -21,9 +23,29 @@ public class ExposureOfPrivateInformationHandler : IHttpHandler
        ILogger logger = new ILogger();
        logger.Warn(p.getTelephone());

+        // BAD: Storing sensitive data in unencrypted local file 
+        using (var writeStream = File.Open("telephones.txt", FileMode.Create))
+        {
+            var writer = new StreamWriter(writeStream);
+            writer.Write(p.getTelephone());
+            writer.Close();
+        }
+
+        // GOOD: Storing encrypted sensitive data
+        using (var writeStream = File.Open("telephones.txt", FileMode.Create))
+        {
+            var writer = new StreamWriter(new CryptoStream(writeStream, GetEncryptor(), CryptoStreamMode.Write));
+            writer.Write(p.getTelephone());
+            writer.Close();
+        }
+
        // GOOD: Don't write these values to sensitive locations in the first place
    }

+    public ICryptoTransform GetEncryptor(){
+        return null;
+    }
+
    public bool IsReusable
    {
        get
--- a/Features/CWE-359/ExposureOfPrivateInformation.expected
+++ b/Features/CWE-359/ExposureOfPrivateInformation.expected
@@ -1,12 +1,14 @@
 edges
 nodes
-| ExposureOfPrivateInformation.cs:16:50:16:84 | access to indexer | semmle.label | access to indexer |
-| ExposureOfPrivateInformation.cs:18:50:18:65 | call to method getTelephone | semmle.label | call to method getTelephone |
-| ExposureOfPrivateInformation.cs:22:21:22:36 | call to method getTelephone | semmle.label | call to method getTelephone |
-| ExposureOfPrivateInformation.cs:40:21:40:33 | access to property Text | semmle.label | access to property Text |
+| ExposureOfPrivateInformation.cs:18:50:18:84 | access to indexer | semmle.label | access to indexer |
+| ExposureOfPrivateInformation.cs:20:50:20:65 | call to method getTelephone | semmle.label | call to method getTelephone |
+| ExposureOfPrivateInformation.cs:24:21:24:36 | call to method getTelephone | semmle.label | call to method getTelephone |
+| ExposureOfPrivateInformation.cs:30:26:30:41 | call to method getTelephone | semmle.label | call to method getTelephone |
+| ExposureOfPrivateInformation.cs:62:21:62:33 | access to property Text | semmle.label | access to property Text |
 subpaths
 #select
-| ExposureOfPrivateInformation.cs:16:50:16:84 | access to indexer | ExposureOfPrivateInformation.cs:16:50:16:84 | access to indexer | ExposureOfPrivateInformation.cs:16:50:16:84 | access to indexer | Private data returned by $@ is written to an external location. | ExposureOfPrivateInformation.cs:16:50:16:84 | access to indexer | access to indexer |
-| ExposureOfPrivateInformation.cs:18:50:18:65 | call to method getTelephone | ExposureOfPrivateInformation.cs:18:50:18:65 | call to method getTelephone | ExposureOfPrivateInformation.cs:18:50:18:65 | call to method getTelephone | Private data returned by $@ is written to an external location. | ExposureOfPrivateInformation.cs:18:50:18:65 | call to method getTelephone | call to method getTelephone |
-| ExposureOfPrivateInformation.cs:22:21:22:36 | call to method getTelephone | ExposureOfPrivateInformation.cs:22:21:22:36 | call to method getTelephone | ExposureOfPrivateInformation.cs:22:21:22:36 | call to method getTelephone | Private data returned by $@ is written to an external location. | ExposureOfPrivateInformation.cs:22:21:22:36 | call to method getTelephone | call to method getTelephone |
-| ExposureOfPrivateInformation.cs:40:21:40:33 | access to property Text | ExposureOfPrivateInformation.cs:40:21:40:33 | access to property Text | ExposureOfPrivateInformation.cs:40:21:40:33 | access to property Text | Private data returned by $@ is written to an external location. | ExposureOfPrivateInformation.cs:40:21:40:33 | access to property Text | access to property Text |
+| ExposureOfPrivateInformation.cs:18:50:18:84 | access to indexer | ExposureOfPrivateInformation.cs:18:50:18:84 | access to indexer | ExposureOfPrivateInformation.cs:18:50:18:84 | access to indexer | Private data returned by $@ is written to an external location. | ExposureOfPrivateInformation.cs:18:50:18:84 | access to indexer | access to indexer |
+| ExposureOfPrivateInformation.cs:20:50:20:65 | call to method getTelephone | ExposureOfPrivateInformation.cs:20:50:20:65 | call to method getTelephone | ExposureOfPrivateInformation.cs:20:50:20:65 | call to method getTelephone | Private data returned by $@ is written to an external location. | ExposureOfPrivateInformation.cs:20:50:20:65 | call to method getTelephone | call to method getTelephone |
+| ExposureOfPrivateInformation.cs:24:21:24:36 | call to method getTelephone | ExposureOfPrivateInformation.cs:24:21:24:36 | call to method getTelephone | ExposureOfPrivateInformation.cs:24:21:24:36 | call to method getTelephone | Private data returned by $@ is written to an external location. | ExposureOfPrivateInformation.cs:24:21:24:36 | call to method getTelephone | call to method getTelephone |
+| ExposureOfPrivateInformation.cs:30:26:30:41 | call to method getTelephone | ExposureOfPrivateInformation.cs:30:26:30:41 | call to method getTelephone | ExposureOfPrivateInformation.cs:30:26:30:41 | call to method getTelephone | Private data returned by $@ is written to an external location. | ExposureOfPrivateInformation.cs:30:26:30:41 | call to method getTelephone | call to method getTelephone |
+| ExposureOfPrivateInformation.cs:62:21:62:33 | access to property Text | ExposureOfPrivateInformation.cs:62:21:62:33 | access to property Text | ExposureOfPrivateInformation.cs:62:21:62:33 | access to property Text | Private data returned by $@ is written to an external location. | ExposureOfPrivateInformation.cs:62:21:62:33 | access to property Text | access to property Text |
--- a/csharp/ql/test/query-tests/Security
+++ b/csharp/ql/test/query-tests/Security
@@ -1 +1 @@
-semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll ${testdir}/../../../resources/stubs/System.Windows.cs
+semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll /r:System.Security.Cryptography.dll ${testdir}/../../../resources/stubs/System.Windows.cs
--- a/go/extractor/cli/go-autobuilder/go-autobuilder.go
+++ b/go/extractor/cli/go-autobuilder/go-autobuilder.go
@@ -318,7 +318,7 @@ func getNeedGopath(depMode DependencyInstallerMode, importpath string) bool {

 func tryUpdateGoModAndGoSum(modMode ModMode, depMode DependencyInstallerMode) {
 	// Go 1.16 and later won't automatically attempt to update go.mod / go.sum during package loading, so try to update them here:
-	if modMode != ModVendor && depMode == GoGetWithModules && semver.Compare(getEnvGoSemVer(), "1.16") >= 0 {
+	if modMode != ModVendor && depMode == GoGetWithModules && semver.Compare(getEnvGoSemVer(), "v1.16") >= 0 {
 		// stat go.mod and go.sum
 		beforeGoModFileInfo, beforeGoModErr := os.Stat("go.mod")
 		if beforeGoModErr != nil {
--- a/go/ql/lib/semmle/go/dataflow/internal/DataFlow.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlow.qll
@@ -361,3 +361,52 @@ module MergePathGraph<
    }
  }
 }
+
+/**
+ * Constructs a `PathGraph` from three `PathGraph`s by disjoint union.
+ */
+module MergePathGraph3<
+  PathNodeSig PathNode1, PathNodeSig PathNode2, PathNodeSig PathNode3,
+  PathGraphSig<PathNode1> Graph1, PathGraphSig<PathNode2> Graph2, PathGraphSig<PathNode3> Graph3>
+{
+  private module MergedInner = MergePathGraph<PathNode1, PathNode2, Graph1, Graph2>;
+
+  private module Merged =
+    MergePathGraph<MergedInner::PathNode, PathNode3, MergedInner::PathGraph, Graph3>;
+
+  /** A node in a graph of path explanations that is formed by disjoint union of the three given graphs. */
+  class PathNode instanceof Merged::PathNode {
+    /** Gets this as a projection on the first given `PathGraph`. */
+    PathNode1 asPathNode1() { result = super.asPathNode1().asPathNode1() }
+
+    /** Gets this as a projection on the second given `PathGraph`. */
+    PathNode2 asPathNode2() { result = super.asPathNode1().asPathNode2() }
+
+    /** Gets this as a projection on the third given `PathGraph`. */
+    PathNode3 asPathNode3() { result = super.asPathNode2() }
+
+    /** Gets a textual representation of this element. */
+    string toString() { result = super.toString() }
+
+    /**
+     * Holds if this element is at the specified location.
+     * The location spans column `startcolumn` of line `startline` to
+     * column `endcolumn` of line `endline` in file `filepath`.
+     * For more information, see
+     * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+     */
+    predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      super.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
+
+    /** Gets the underlying `Node`. */
+    Node getNode() { result = super.getNode() }
+  }
+
+  /**
+   * Provides the query predicates needed to include a graph in a path-problem query.
+   */
+  module PathGraph = Merged::PathGraph;
+}
--- a/java/ql/integration-tests/all-platforms/kotlin/default-parameter-mad-flow/test.ql
+++ b/java/ql/integration-tests/all-platforms/kotlin/default-parameter-mad-flow/test.ql
@@ -3,22 +3,22 @@ import semmle.code.java.dataflow.TaintTracking
 import TestUtilities.InlineExpectationsTest
 private import semmle.code.java.dataflow.ExternalFlow

-class Config extends TaintTracking::Configuration {
-  Config() { this = "Config" }
-
-  override predicate isSource(DataFlow::Node n) {
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node n) {
    n.asExpr().(MethodAccess).getCallee().getName() = "source"
    or
    sourceNode(n, "kotlinMadFlowTest")
  }

-  override predicate isSink(DataFlow::Node n) {
+  predicate isSink(DataFlow::Node n) {
    n.asExpr().(Argument).getCall().getCallee().getName() = "sink"
    or
    sinkNode(n, "kotlinMadFlowTest")
  }
 }

+module Flow = TaintTracking::Global<Config>;
+
 class InlineFlowTest extends InlineExpectationsTest {
  InlineFlowTest() { this = "HasFlowTest" }

@@ -26,7 +26,7 @@ class InlineFlowTest extends InlineExpectationsTest {

  override predicate hasActualResult(Location location, string element, string tag, string value) {
    tag = "flow" and
-    exists(DataFlow::Node sink, Config c | c.hasFlowTo(sink) |
+    exists(DataFlow::Node sink | Flow::flowTo(sink) |
      sink.getLocation() = location and
      element = sink.toString() and
      value = ""
--- a/java/ql/integration-tests/all-platforms/kotlin/kotlin-interface-inherited-default/test.ql
+++ b/java/ql/integration-tests/all-platforms/kotlin/kotlin-interface-inherited-default/test.ql
@@ -19,18 +19,18 @@ query predicate superAccesses(
  enclosingType = enclosingCallable.getDeclaringType()
 }

-class Config extends DataFlow::Configuration {
-  Config() { this = "testconfig" }
-
-  override predicate isSource(DataFlow::Node x) {
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node x) {
    x.asExpr() instanceof IntegerLiteral and x.getEnclosingCallable().fromSource()
  }

-  override predicate isSink(DataFlow::Node x) {
+  predicate isSink(DataFlow::Node x) {
    x.asExpr().(Argument).getCall().getCallee().getName() = "sink"
  }
 }

-from Config c, DataFlow::Node source, DataFlow::Node sink
-where c.hasFlow(source, sink)
+module Flow = DataFlow::Global<Config>;
+
+from DataFlow::Node source, DataFlow::Node sink
+where Flow::flow(source, sink)
 select source, sink
--- a/java/ql/integration-tests/all-platforms/kotlin/kotlin_java_static_fields/test.ql
+++ b/java/ql/integration-tests/all-platforms/kotlin/kotlin_java_static_fields/test.ql
@@ -1,17 +1,17 @@
 import java
 import semmle.code.java.dataflow.DataFlow
-import DataFlow::PathGraph
+import Flow::PathGraph

-class Config extends DataFlow::Configuration {
-  Config() { this = "Config" }
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node n) { n.asExpr().(StringLiteral).getValue() = "taint" }

-  override predicate isSource(DataFlow::Node n) { n.asExpr().(StringLiteral).getValue() = "taint" }
-
-  override predicate isSink(DataFlow::Node n) {
+  predicate isSink(DataFlow::Node n) {
    n.asExpr().(Argument).getCall().getCallee().getName() = "sink"
  }
 }

-from DataFlow::PathNode source, DataFlow::PathNode sink, Config c
-where c.hasFlowPath(source, sink)
+module Flow = DataFlow::Global<Config>;
+
+from Flow::PathNode source, Flow::PathNode sink
+where Flow::flowPath(source, sink)
 select source, source, sink, "flow path"
--- a/java/ql/lib/change-notes/2023-04-24-spring-filecopyutils-sinks.md
+++ b/java/ql/lib/change-notes/2023-04-24-spring-filecopyutils-sinks.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Changed some models of Spring's `FileCopyUtils.copy` to be path injection sinks instead of summaries.
--- a/java/ql/lib/ext/org.springframework.util.model.yml
+++ b/java/ql/lib/ext/org.springframework.util.model.yml
@@ -1,4 +1,12 @@
 extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+    - ["org.springframework.util", "FileCopyUtils", False, "copy", "(byte[],File)", "", "Argument[1]", "create-file", "manual"]
+    - ["org.springframework.util", "FileCopyUtils", False, "copy", "(File,File)", "", "Argument[0]", "read-file", "manual"]
+    - ["org.springframework.util", "FileCopyUtils", False, "copy", "(File,File)", "", "Argument[1]", "create-file", "manual"]
+
  - addsTo:
      pack: codeql/java-all
      extensible: summaryModel
@@ -42,7 +50,10 @@ extensions:
      - ["org.springframework.util", "FastByteArrayOutputStream", False, "toByteArray", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
      - ["org.springframework.util", "FastByteArrayOutputStream", False, "write", "", "", "Argument[0]", "Argument[this]", "taint", "manual"]
      - ["org.springframework.util", "FastByteArrayOutputStream", False, "writeTo", "", "", "Argument[this]", "Argument[0]", "taint", "manual"]
-      - ["org.springframework.util", "FileCopyUtils", False, "copy", "", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["org.springframework.util", "FileCopyUtils", False, "copy", "(byte[],OutputStream)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["org.springframework.util", "FileCopyUtils", False, "copy", "(InputStream,OutputStream)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["org.springframework.util", "FileCopyUtils", False, "copy", "(Reader,Writer)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["org.springframework.util", "FileCopyUtils", False, "copy", "(String,Writer)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
      - ["org.springframework.util", "FileCopyUtils", False, "copyToByteArray", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
      - ["org.springframework.util", "FileCopyUtils", False, "copyToString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
      - ["org.springframework.util", "FileSystemUtils", False, "copyRecursively", "(java.io.File,java.io.File)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
--- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlow.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlow.qll
@@ -361,3 +361,52 @@ module MergePathGraph<
    }
  }
 }
+
+/**
+ * Constructs a `PathGraph` from three `PathGraph`s by disjoint union.
+ */
+module MergePathGraph3<
+  PathNodeSig PathNode1, PathNodeSig PathNode2, PathNodeSig PathNode3,
+  PathGraphSig<PathNode1> Graph1, PathGraphSig<PathNode2> Graph2, PathGraphSig<PathNode3> Graph3>
+{
+  private module MergedInner = MergePathGraph<PathNode1, PathNode2, Graph1, Graph2>;
+
+  private module Merged =
+    MergePathGraph<MergedInner::PathNode, PathNode3, MergedInner::PathGraph, Graph3>;
+
+  /** A node in a graph of path explanations that is formed by disjoint union of the three given graphs. */
+  class PathNode instanceof Merged::PathNode {
+    /** Gets this as a projection on the first given `PathGraph`. */
+    PathNode1 asPathNode1() { result = super.asPathNode1().asPathNode1() }
+
+    /** Gets this as a projection on the second given `PathGraph`. */
+    PathNode2 asPathNode2() { result = super.asPathNode1().asPathNode2() }
+
+    /** Gets this as a projection on the third given `PathGraph`. */
+    PathNode3 asPathNode3() { result = super.asPathNode2() }
+
+    /** Gets a textual representation of this element. */
+    string toString() { result = super.toString() }
+
+    /**
+     * Holds if this element is at the specified location.
+     * The location spans column `startcolumn` of line `startline` to
+     * column `endcolumn` of line `endline` in file `filepath`.
+     * For more information, see
+     * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+     */
+    predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      super.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
+
+    /** Gets the underlying `Node`. */
+    Node getNode() { result = super.getNode() }
+  }
+
+  /**
+   * Provides the query predicates needed to include a graph in a path-problem query.
+   */
+  module PathGraph = Merged::PathGraph;
+}
--- a/java/ql/test/library-tests/frameworks/spring/util/Test.java
+++ b/java/ql/test/library-tests/frameworks/spring/util/Test.java
@@ -380,20 +380,6 @@ public class Test {
 			FileCopyUtils.copy(in, out);
 			sink(out); // $hasTaintFlow
 		}
-		{
-			// "org.springframework.util;FileCopyUtils;false;copy;;;Argument[0];Argument[1];taint;manual"
-			File out = null;
-			byte[] in = (byte[])source();
-			FileCopyUtils.copy(in, out);
-			sink(out); // $hasTaintFlow
-		}
-		{
-			// "org.springframework.util;FileCopyUtils;false;copy;;;Argument[0];Argument[1];taint;manual"
-			File out = null;
-			File in = (File)source();
-			FileCopyUtils.copy(in, out);
-			sink(out); // $hasTaintFlow
-		}
 		{
 			// "org.springframework.util;FileCopyUtils;false;copyToByteArray;;;Argument[0];ReturnValue;taint;manual"
 			byte[] out = null;
--- a/java/ql/test/query-tests/security/CWE-022/semmle/tests/TaintedPath.expected
+++ b/java/ql/test/query-tests/security/CWE-022/semmle/tests/TaintedPath.expected
@@ -14,108 +14,114 @@ edges
 | Test.java:95:14:95:34 | getHostName(...) : String | Test.java:99:12:99:33 | new URI(...) |
 | Test.java:95:14:95:34 | getHostName(...) : String | Test.java:100:12:100:45 | new URI(...) |
 | Test.java:95:14:95:34 | getHostName(...) : String | Test.java:101:12:101:54 | new URI(...) |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:33:61:33:68 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:35:41:35:48 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:37:56:37:63 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:39:46:39:53 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:41:38:41:45 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:43:36:43:43 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:45:31:45:38 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:47:33:47:40 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:49:27:49:34 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:50:27:50:34 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:51:34:51:41 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:53:40:53:47 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:54:48:54:55 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:55:47:55:54 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:57:40:57:47 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:59:38:59:45 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:61:33:61:40 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:63:33:63:40 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:65:41:65:48 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:67:42:67:49 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:69:37:69:44 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:71:29:71:36 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:73:37:73:44 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:75:28:75:35 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:77:33:77:40 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:79:40:79:47 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:81:40:81:47 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:82:40:82:47 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:84:38:84:45 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:86:28:86:35 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:87:28:87:35 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:88:28:88:35 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:90:34:90:41 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:91:34:91:41 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:93:33:93:40 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:95:42:95:49 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:97:50:97:57 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:99:54:99:61 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:104:37:104:44 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:106:74:106:81 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:108:68:108:75 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:110:68:110:75 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:112:30:112:37 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:117:30:117:37 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:122:33:122:40 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:124:27:124:34 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:126:28:126:35 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:128:29:128:36 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:133:27:133:34 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:135:26:135:33 | source(...) : String |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:140:29:140:36 | source(...) : String |
-| mad/Test.java:33:61:33:68 | source(...) : String | mad/Test.java:33:52:33:68 | (...)... |
-| mad/Test.java:35:41:35:48 | source(...) : String | mad/Test.java:35:32:35:48 | (...)... |
-| mad/Test.java:37:56:37:63 | source(...) : String | mad/Test.java:37:47:37:63 | (...)... |
-| mad/Test.java:39:46:39:53 | source(...) : String | mad/Test.java:39:39:39:53 | (...)... |
-| mad/Test.java:41:38:41:45 | source(...) : String | mad/Test.java:41:31:41:45 | (...)... |
-| mad/Test.java:43:36:43:43 | source(...) : String | mad/Test.java:43:29:43:43 | (...)... |
-| mad/Test.java:45:31:45:38 | source(...) : String | mad/Test.java:45:24:45:38 | (...)... |
-| mad/Test.java:47:33:47:40 | source(...) : String | mad/Test.java:47:24:47:40 | (...)... |
-| mad/Test.java:49:27:49:34 | source(...) : String | mad/Test.java:49:20:49:34 | (...)... |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:34:61:34:68 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:36:41:36:48 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:38:56:38:63 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:40:46:40:53 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:42:38:42:45 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:44:36:44:43 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:46:31:46:38 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:48:33:48:40 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:50:27:50:34 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:51:27:51:34 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:52:34:52:41 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:54:40:54:47 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:55:48:55:55 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:56:47:56:54 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:58:40:58:47 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:60:38:60:45 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:62:33:62:40 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:64:33:64:40 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:66:41:66:48 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:68:42:68:49 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:70:37:70:44 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:72:29:72:36 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:74:37:74:44 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:76:28:76:35 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:78:33:78:40 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:80:40:80:47 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:82:40:82:47 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:83:40:83:47 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:85:38:85:45 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:87:28:87:35 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:88:28:88:35 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:89:28:89:35 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:91:34:91:41 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:92:34:92:41 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:94:33:94:40 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:96:42:96:49 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:98:50:98:57 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:100:54:100:61 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:102:50:102:57 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:104:35:104:42 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:106:48:106:55 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:111:37:111:44 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:113:74:113:81 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:115:68:115:75 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:117:68:117:75 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:119:30:119:37 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:124:30:124:37 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:129:33:129:40 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:131:27:131:34 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:133:28:133:35 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:135:29:135:36 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:140:27:140:34 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:142:26:142:33 | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:147:29:147:36 | source(...) : String |
+| mad/Test.java:34:61:34:68 | source(...) : String | mad/Test.java:34:52:34:68 | (...)... |
+| mad/Test.java:36:41:36:48 | source(...) : String | mad/Test.java:36:32:36:48 | (...)... |
+| mad/Test.java:38:56:38:63 | source(...) : String | mad/Test.java:38:47:38:63 | (...)... |
+| mad/Test.java:40:46:40:53 | source(...) : String | mad/Test.java:40:39:40:53 | (...)... |
+| mad/Test.java:42:38:42:45 | source(...) : String | mad/Test.java:42:31:42:45 | (...)... |
+| mad/Test.java:44:36:44:43 | source(...) : String | mad/Test.java:44:29:44:43 | (...)... |
+| mad/Test.java:46:31:46:38 | source(...) : String | mad/Test.java:46:24:46:38 | (...)... |
+| mad/Test.java:48:33:48:40 | source(...) : String | mad/Test.java:48:24:48:40 | (...)... |
 | mad/Test.java:50:27:50:34 | source(...) : String | mad/Test.java:50:20:50:34 | (...)... |
-| mad/Test.java:51:34:51:41 | source(...) : String | mad/Test.java:51:20:51:41 | (...)... |
-| mad/Test.java:53:40:53:47 | source(...) : String | mad/Test.java:53:33:53:47 | (...)... |
-| mad/Test.java:54:48:54:55 | source(...) : String | mad/Test.java:54:33:54:55 | (...)... |
-| mad/Test.java:55:47:55:54 | source(...) : String | mad/Test.java:55:40:55:54 | (...)... |
-| mad/Test.java:57:40:57:47 | source(...) : String | mad/Test.java:57:33:57:47 | (...)... |
-| mad/Test.java:59:38:59:45 | source(...) : String | mad/Test.java:59:31:59:45 | (...)... |
-| mad/Test.java:61:33:61:40 | source(...) : String | mad/Test.java:61:26:61:40 | (...)... |
-| mad/Test.java:63:33:63:40 | source(...) : String | mad/Test.java:63:26:63:40 | (...)... |
-| mad/Test.java:65:41:65:48 | source(...) : String | mad/Test.java:65:34:65:48 | (...)... |
-| mad/Test.java:67:42:67:49 | source(...) : String | mad/Test.java:67:35:67:49 | (...)... |
-| mad/Test.java:69:37:69:44 | source(...) : String | mad/Test.java:69:30:69:44 | (...)... |
-| mad/Test.java:71:29:71:36 | source(...) : String | mad/Test.java:71:22:71:36 | (...)... |
-| mad/Test.java:73:37:73:44 | source(...) : String | mad/Test.java:73:30:73:44 | (...)... |
-| mad/Test.java:75:28:75:35 | source(...) : String | mad/Test.java:75:21:75:35 | (...)... |
-| mad/Test.java:77:33:77:40 | source(...) : String | mad/Test.java:77:26:77:40 | (...)... |
-| mad/Test.java:79:40:79:47 | source(...) : String | mad/Test.java:79:33:79:47 | (...)... |
-| mad/Test.java:81:40:81:47 | source(...) : String | mad/Test.java:81:33:81:47 | (...)... |
+| mad/Test.java:51:27:51:34 | source(...) : String | mad/Test.java:51:20:51:34 | (...)... |
+| mad/Test.java:52:34:52:41 | source(...) : String | mad/Test.java:52:20:52:41 | (...)... |
+| mad/Test.java:54:40:54:47 | source(...) : String | mad/Test.java:54:33:54:47 | (...)... |
+| mad/Test.java:55:48:55:55 | source(...) : String | mad/Test.java:55:33:55:55 | (...)... |
+| mad/Test.java:56:47:56:54 | source(...) : String | mad/Test.java:56:40:56:54 | (...)... |
+| mad/Test.java:58:40:58:47 | source(...) : String | mad/Test.java:58:33:58:47 | (...)... |
+| mad/Test.java:60:38:60:45 | source(...) : String | mad/Test.java:60:31:60:45 | (...)... |
+| mad/Test.java:62:33:62:40 | source(...) : String | mad/Test.java:62:26:62:40 | (...)... |
+| mad/Test.java:64:33:64:40 | source(...) : String | mad/Test.java:64:26:64:40 | (...)... |
+| mad/Test.java:66:41:66:48 | source(...) : String | mad/Test.java:66:34:66:48 | (...)... |
+| mad/Test.java:68:42:68:49 | source(...) : String | mad/Test.java:68:35:68:49 | (...)... |
+| mad/Test.java:70:37:70:44 | source(...) : String | mad/Test.java:70:30:70:44 | (...)... |
+| mad/Test.java:72:29:72:36 | source(...) : String | mad/Test.java:72:22:72:36 | (...)... |
+| mad/Test.java:74:37:74:44 | source(...) : String | mad/Test.java:74:30:74:44 | (...)... |
+| mad/Test.java:76:28:76:35 | source(...) : String | mad/Test.java:76:21:76:35 | (...)... |
+| mad/Test.java:78:33:78:40 | source(...) : String | mad/Test.java:78:26:78:40 | (...)... |
+| mad/Test.java:80:40:80:47 | source(...) : String | mad/Test.java:80:33:80:47 | (...)... |
 | mad/Test.java:82:40:82:47 | source(...) : String | mad/Test.java:82:33:82:47 | (...)... |
-| mad/Test.java:84:38:84:45 | source(...) : String | mad/Test.java:84:31:84:45 | (...)... |
-| mad/Test.java:86:28:86:35 | source(...) : String | mad/Test.java:86:21:86:35 | (...)... |
+| mad/Test.java:83:40:83:47 | source(...) : String | mad/Test.java:83:33:83:47 | (...)... |
+| mad/Test.java:85:38:85:45 | source(...) : String | mad/Test.java:85:31:85:45 | (...)... |
 | mad/Test.java:87:28:87:35 | source(...) : String | mad/Test.java:87:21:87:35 | (...)... |
 | mad/Test.java:88:28:88:35 | source(...) : String | mad/Test.java:88:21:88:35 | (...)... |
-| mad/Test.java:90:34:90:41 | source(...) : String | mad/Test.java:90:27:90:41 | (...)... |
+| mad/Test.java:89:28:89:35 | source(...) : String | mad/Test.java:89:21:89:35 | (...)... |
 | mad/Test.java:91:34:91:41 | source(...) : String | mad/Test.java:91:27:91:41 | (...)... |
-| mad/Test.java:93:33:93:40 | source(...) : String | mad/Test.java:93:26:93:40 | (...)... |
-| mad/Test.java:95:42:95:49 | source(...) : String | mad/Test.java:95:35:95:49 | (...)... |
-| mad/Test.java:97:50:97:57 | source(...) : String | mad/Test.java:97:41:97:57 | (...)... |
-| mad/Test.java:99:54:99:61 | source(...) : String | mad/Test.java:99:45:99:61 | (...)... |
-| mad/Test.java:104:37:104:44 | source(...) : String | mad/Test.java:104:30:104:44 | (...)... |
-| mad/Test.java:106:74:106:81 | source(...) : String | mad/Test.java:106:40:106:81 | (...)... |
-| mad/Test.java:108:68:108:75 | source(...) : String | mad/Test.java:108:34:108:75 | (...)... |
-| mad/Test.java:110:68:110:75 | source(...) : String | mad/Test.java:110:34:110:75 | (...)... |
-| mad/Test.java:112:30:112:37 | source(...) : String | mad/Test.java:112:23:112:37 | (...)... |
-| mad/Test.java:117:30:117:37 | source(...) : String | mad/Test.java:117:23:117:37 | (...)... |
-| mad/Test.java:122:33:122:40 | source(...) : String | mad/Test.java:122:23:122:40 | (...)... |
-| mad/Test.java:124:27:124:34 | source(...) : String | mad/Test.java:124:20:124:34 | (...)... |
-| mad/Test.java:126:28:126:35 | source(...) : String | mad/Test.java:126:21:126:35 | (...)... |
-| mad/Test.java:128:29:128:36 | source(...) : String | mad/Test.java:128:22:128:36 | (...)... |
-| mad/Test.java:133:27:133:34 | source(...) : String | mad/Test.java:133:20:133:34 | (...)... |
-| mad/Test.java:135:26:135:33 | source(...) : String | mad/Test.java:135:19:135:33 | (...)... |
-| mad/Test.java:140:29:140:36 | source(...) : String | mad/Test.java:140:20:140:36 | (...)... |
+| mad/Test.java:92:34:92:41 | source(...) : String | mad/Test.java:92:27:92:41 | (...)... |
+| mad/Test.java:94:33:94:40 | source(...) : String | mad/Test.java:94:26:94:40 | (...)... |
+| mad/Test.java:96:42:96:49 | source(...) : String | mad/Test.java:96:35:96:49 | (...)... |
+| mad/Test.java:98:50:98:57 | source(...) : String | mad/Test.java:98:41:98:57 | (...)... |
+| mad/Test.java:100:54:100:61 | source(...) : String | mad/Test.java:100:45:100:61 | (...)... |
+| mad/Test.java:102:50:102:57 | source(...) : String | mad/Test.java:102:43:102:57 | (...)... |
+| mad/Test.java:104:35:104:42 | source(...) : String | mad/Test.java:104:28:104:42 | (...)... |
+| mad/Test.java:106:48:106:55 | source(...) : String | mad/Test.java:106:41:106:55 | (...)... |
+| mad/Test.java:111:37:111:44 | source(...) : String | mad/Test.java:111:30:111:44 | (...)... |
+| mad/Test.java:113:74:113:81 | source(...) : String | mad/Test.java:113:40:113:81 | (...)... |
+| mad/Test.java:115:68:115:75 | source(...) : String | mad/Test.java:115:34:115:75 | (...)... |
+| mad/Test.java:117:68:117:75 | source(...) : String | mad/Test.java:117:34:117:75 | (...)... |
+| mad/Test.java:119:30:119:37 | source(...) : String | mad/Test.java:119:23:119:37 | (...)... |
+| mad/Test.java:124:30:124:37 | source(...) : String | mad/Test.java:124:23:124:37 | (...)... |
+| mad/Test.java:129:33:129:40 | source(...) : String | mad/Test.java:129:23:129:40 | (...)... |
+| mad/Test.java:131:27:131:34 | source(...) : String | mad/Test.java:131:20:131:34 | (...)... |
+| mad/Test.java:133:28:133:35 | source(...) : String | mad/Test.java:133:21:133:35 | (...)... |
+| mad/Test.java:135:29:135:36 | source(...) : String | mad/Test.java:135:22:135:36 | (...)... |
+| mad/Test.java:140:27:140:34 | source(...) : String | mad/Test.java:140:20:140:34 | (...)... |
+| mad/Test.java:142:26:142:33 | source(...) : String | mad/Test.java:142:19:142:33 | (...)... |
+| mad/Test.java:147:29:147:36 | source(...) : String | mad/Test.java:147:20:147:36 | (...)... |
 nodes
 | Test.java:19:18:19:38 | getHostName(...) : String | semmle.label | getHostName(...) : String |
 | Test.java:24:20:24:23 | temp | semmle.label | temp |
@@ -136,109 +142,115 @@ nodes
 | Test.java:99:12:99:33 | new URI(...) | semmle.label | new URI(...) |
 | Test.java:100:12:100:45 | new URI(...) | semmle.label | new URI(...) |
 | Test.java:101:12:101:54 | new URI(...) | semmle.label | new URI(...) |
-| mad/Test.java:28:16:28:36 | getHostName(...) : String | semmle.label | getHostName(...) : String |
-| mad/Test.java:33:52:33:68 | (...)... | semmle.label | (...)... |
-| mad/Test.java:33:61:33:68 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:35:32:35:48 | (...)... | semmle.label | (...)... |
-| mad/Test.java:35:41:35:48 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:37:47:37:63 | (...)... | semmle.label | (...)... |
-| mad/Test.java:37:56:37:63 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:39:39:39:53 | (...)... | semmle.label | (...)... |
-| mad/Test.java:39:46:39:53 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:41:31:41:45 | (...)... | semmle.label | (...)... |
-| mad/Test.java:41:38:41:45 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:43:29:43:43 | (...)... | semmle.label | (...)... |
-| mad/Test.java:43:36:43:43 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:45:24:45:38 | (...)... | semmle.label | (...)... |
-| mad/Test.java:45:31:45:38 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:47:24:47:40 | (...)... | semmle.label | (...)... |
-| mad/Test.java:47:33:47:40 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:49:20:49:34 | (...)... | semmle.label | (...)... |
-| mad/Test.java:49:27:49:34 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:29:16:29:36 | getHostName(...) : String | semmle.label | getHostName(...) : String |
+| mad/Test.java:34:52:34:68 | (...)... | semmle.label | (...)... |
+| mad/Test.java:34:61:34:68 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:36:32:36:48 | (...)... | semmle.label | (...)... |
+| mad/Test.java:36:41:36:48 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:38:47:38:63 | (...)... | semmle.label | (...)... |
+| mad/Test.java:38:56:38:63 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:40:39:40:53 | (...)... | semmle.label | (...)... |
+| mad/Test.java:40:46:40:53 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:42:31:42:45 | (...)... | semmle.label | (...)... |
+| mad/Test.java:42:38:42:45 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:44:29:44:43 | (...)... | semmle.label | (...)... |
+| mad/Test.java:44:36:44:43 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:46:24:46:38 | (...)... | semmle.label | (...)... |
+| mad/Test.java:46:31:46:38 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:48:24:48:40 | (...)... | semmle.label | (...)... |
+| mad/Test.java:48:33:48:40 | source(...) : String | semmle.label | source(...) : String |
 | mad/Test.java:50:20:50:34 | (...)... | semmle.label | (...)... |
 | mad/Test.java:50:27:50:34 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:51:20:51:41 | (...)... | semmle.label | (...)... |
-| mad/Test.java:51:34:51:41 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:53:33:53:47 | (...)... | semmle.label | (...)... |
-| mad/Test.java:53:40:53:47 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:54:33:54:55 | (...)... | semmle.label | (...)... |
-| mad/Test.java:54:48:54:55 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:55:40:55:54 | (...)... | semmle.label | (...)... |
-| mad/Test.java:55:47:55:54 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:57:33:57:47 | (...)... | semmle.label | (...)... |
-| mad/Test.java:57:40:57:47 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:59:31:59:45 | (...)... | semmle.label | (...)... |
-| mad/Test.java:59:38:59:45 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:61:26:61:40 | (...)... | semmle.label | (...)... |
-| mad/Test.java:61:33:61:40 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:63:26:63:40 | (...)... | semmle.label | (...)... |
-| mad/Test.java:63:33:63:40 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:65:34:65:48 | (...)... | semmle.label | (...)... |
-| mad/Test.java:65:41:65:48 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:67:35:67:49 | (...)... | semmle.label | (...)... |
-| mad/Test.java:67:42:67:49 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:69:30:69:44 | (...)... | semmle.label | (...)... |
-| mad/Test.java:69:37:69:44 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:71:22:71:36 | (...)... | semmle.label | (...)... |
-| mad/Test.java:71:29:71:36 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:73:30:73:44 | (...)... | semmle.label | (...)... |
-| mad/Test.java:73:37:73:44 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:75:21:75:35 | (...)... | semmle.label | (...)... |
-| mad/Test.java:75:28:75:35 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:77:26:77:40 | (...)... | semmle.label | (...)... |
-| mad/Test.java:77:33:77:40 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:79:33:79:47 | (...)... | semmle.label | (...)... |
-| mad/Test.java:79:40:79:47 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:81:33:81:47 | (...)... | semmle.label | (...)... |
-| mad/Test.java:81:40:81:47 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:51:20:51:34 | (...)... | semmle.label | (...)... |
+| mad/Test.java:51:27:51:34 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:52:20:52:41 | (...)... | semmle.label | (...)... |
+| mad/Test.java:52:34:52:41 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:54:33:54:47 | (...)... | semmle.label | (...)... |
+| mad/Test.java:54:40:54:47 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:55:33:55:55 | (...)... | semmle.label | (...)... |
+| mad/Test.java:55:48:55:55 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:56:40:56:54 | (...)... | semmle.label | (...)... |
+| mad/Test.java:56:47:56:54 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:58:33:58:47 | (...)... | semmle.label | (...)... |
+| mad/Test.java:58:40:58:47 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:60:31:60:45 | (...)... | semmle.label | (...)... |
+| mad/Test.java:60:38:60:45 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:62:26:62:40 | (...)... | semmle.label | (...)... |
+| mad/Test.java:62:33:62:40 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:64:26:64:40 | (...)... | semmle.label | (...)... |
+| mad/Test.java:64:33:64:40 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:66:34:66:48 | (...)... | semmle.label | (...)... |
+| mad/Test.java:66:41:66:48 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:68:35:68:49 | (...)... | semmle.label | (...)... |
+| mad/Test.java:68:42:68:49 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:70:30:70:44 | (...)... | semmle.label | (...)... |
+| mad/Test.java:70:37:70:44 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:72:22:72:36 | (...)... | semmle.label | (...)... |
+| mad/Test.java:72:29:72:36 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:74:30:74:44 | (...)... | semmle.label | (...)... |
+| mad/Test.java:74:37:74:44 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:76:21:76:35 | (...)... | semmle.label | (...)... |
+| mad/Test.java:76:28:76:35 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:78:26:78:40 | (...)... | semmle.label | (...)... |
+| mad/Test.java:78:33:78:40 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:80:33:80:47 | (...)... | semmle.label | (...)... |
+| mad/Test.java:80:40:80:47 | source(...) : String | semmle.label | source(...) : String |
 | mad/Test.java:82:33:82:47 | (...)... | semmle.label | (...)... |
 | mad/Test.java:82:40:82:47 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:84:31:84:45 | (...)... | semmle.label | (...)... |
-| mad/Test.java:84:38:84:45 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:86:21:86:35 | (...)... | semmle.label | (...)... |
-| mad/Test.java:86:28:86:35 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:83:33:83:47 | (...)... | semmle.label | (...)... |
+| mad/Test.java:83:40:83:47 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:85:31:85:45 | (...)... | semmle.label | (...)... |
+| mad/Test.java:85:38:85:45 | source(...) : String | semmle.label | source(...) : String |
 | mad/Test.java:87:21:87:35 | (...)... | semmle.label | (...)... |
 | mad/Test.java:87:28:87:35 | source(...) : String | semmle.label | source(...) : String |
 | mad/Test.java:88:21:88:35 | (...)... | semmle.label | (...)... |
 | mad/Test.java:88:28:88:35 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:90:27:90:41 | (...)... | semmle.label | (...)... |
-| mad/Test.java:90:34:90:41 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:89:21:89:35 | (...)... | semmle.label | (...)... |
+| mad/Test.java:89:28:89:35 | source(...) : String | semmle.label | source(...) : String |
 | mad/Test.java:91:27:91:41 | (...)... | semmle.label | (...)... |
 | mad/Test.java:91:34:91:41 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:93:26:93:40 | (...)... | semmle.label | (...)... |
-| mad/Test.java:93:33:93:40 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:95:35:95:49 | (...)... | semmle.label | (...)... |
-| mad/Test.java:95:42:95:49 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:97:41:97:57 | (...)... | semmle.label | (...)... |
-| mad/Test.java:97:50:97:57 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:99:45:99:61 | (...)... | semmle.label | (...)... |
-| mad/Test.java:99:54:99:61 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:104:30:104:44 | (...)... | semmle.label | (...)... |
-| mad/Test.java:104:37:104:44 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:106:40:106:81 | (...)... | semmle.label | (...)... |
-| mad/Test.java:106:74:106:81 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:108:34:108:75 | (...)... | semmle.label | (...)... |
-| mad/Test.java:108:68:108:75 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:110:34:110:75 | (...)... | semmle.label | (...)... |
-| mad/Test.java:110:68:110:75 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:112:23:112:37 | (...)... | semmle.label | (...)... |
-| mad/Test.java:112:30:112:37 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:117:23:117:37 | (...)... | semmle.label | (...)... |
-| mad/Test.java:117:30:117:37 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:122:23:122:40 | (...)... | semmle.label | (...)... |
-| mad/Test.java:122:33:122:40 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:124:20:124:34 | (...)... | semmle.label | (...)... |
-| mad/Test.java:124:27:124:34 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:126:21:126:35 | (...)... | semmle.label | (...)... |
-| mad/Test.java:126:28:126:35 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:128:22:128:36 | (...)... | semmle.label | (...)... |
-| mad/Test.java:128:29:128:36 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:133:20:133:34 | (...)... | semmle.label | (...)... |
-| mad/Test.java:133:27:133:34 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:135:19:135:33 | (...)... | semmle.label | (...)... |
-| mad/Test.java:135:26:135:33 | source(...) : String | semmle.label | source(...) : String |
-| mad/Test.java:140:20:140:36 | (...)... | semmle.label | (...)... |
-| mad/Test.java:140:29:140:36 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:92:27:92:41 | (...)... | semmle.label | (...)... |
+| mad/Test.java:92:34:92:41 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:94:26:94:40 | (...)... | semmle.label | (...)... |
+| mad/Test.java:94:33:94:40 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:96:35:96:49 | (...)... | semmle.label | (...)... |
+| mad/Test.java:96:42:96:49 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:98:41:98:57 | (...)... | semmle.label | (...)... |
+| mad/Test.java:98:50:98:57 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:100:45:100:61 | (...)... | semmle.label | (...)... |
+| mad/Test.java:100:54:100:61 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:102:43:102:57 | (...)... | semmle.label | (...)... |
+| mad/Test.java:102:50:102:57 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:104:28:104:42 | (...)... | semmle.label | (...)... |
+| mad/Test.java:104:35:104:42 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:106:41:106:55 | (...)... | semmle.label | (...)... |
+| mad/Test.java:106:48:106:55 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:111:30:111:44 | (...)... | semmle.label | (...)... |
+| mad/Test.java:111:37:111:44 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:113:40:113:81 | (...)... | semmle.label | (...)... |
+| mad/Test.java:113:74:113:81 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:115:34:115:75 | (...)... | semmle.label | (...)... |
+| mad/Test.java:115:68:115:75 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:117:34:117:75 | (...)... | semmle.label | (...)... |
+| mad/Test.java:117:68:117:75 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:119:23:119:37 | (...)... | semmle.label | (...)... |
+| mad/Test.java:119:30:119:37 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:124:23:124:37 | (...)... | semmle.label | (...)... |
+| mad/Test.java:124:30:124:37 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:129:23:129:40 | (...)... | semmle.label | (...)... |
+| mad/Test.java:129:33:129:40 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:131:20:131:34 | (...)... | semmle.label | (...)... |
+| mad/Test.java:131:27:131:34 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:133:21:133:35 | (...)... | semmle.label | (...)... |
+| mad/Test.java:133:28:133:35 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:135:22:135:36 | (...)... | semmle.label | (...)... |
+| mad/Test.java:135:29:135:36 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:140:20:140:34 | (...)... | semmle.label | (...)... |
+| mad/Test.java:140:27:140:34 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:142:19:142:33 | (...)... | semmle.label | (...)... |
+| mad/Test.java:142:26:142:33 | source(...) : String | semmle.label | source(...) : String |
+| mad/Test.java:147:20:147:36 | (...)... | semmle.label | (...)... |
+| mad/Test.java:147:29:147:36 | source(...) : String | semmle.label | source(...) : String |
 subpaths
 #select
 | Test.java:24:11:24:24 | new File(...) | Test.java:19:18:19:38 | getHostName(...) : String | Test.java:24:20:24:23 | temp | This path depends on a $@. | Test.java:19:18:19:38 | getHostName(...) | user-provided value |
@@ -252,54 +264,57 @@ subpaths
 | Test.java:99:3:99:34 | new File(...) | Test.java:95:14:95:34 | getHostName(...) : String | Test.java:99:12:99:33 | new URI(...) | This path depends on a $@. | Test.java:95:14:95:34 | getHostName(...) | user-provided value |
 | Test.java:100:3:100:46 | new File(...) | Test.java:95:14:95:34 | getHostName(...) : String | Test.java:100:12:100:45 | new URI(...) | This path depends on a $@. | Test.java:95:14:95:34 | getHostName(...) | user-provided value |
 | Test.java:101:3:101:55 | new File(...) | Test.java:95:14:95:34 | getHostName(...) : String | Test.java:101:12:101:54 | new URI(...) | This path depends on a $@. | Test.java:95:14:95:34 | getHostName(...) | user-provided value |
-| mad/Test.java:33:52:33:68 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:33:52:33:68 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:35:32:35:48 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:35:32:35:48 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:37:47:37:63 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:37:47:37:63 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:39:39:39:53 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:39:39:39:53 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:41:31:41:45 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:41:31:41:45 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:43:29:43:43 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:43:29:43:43 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:45:24:45:38 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:45:24:45:38 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:47:9:47:41 | new FileReader(...) | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:47:24:47:40 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:49:20:49:34 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:49:20:49:34 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:50:20:50:34 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:50:20:50:34 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:51:20:51:41 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:51:20:51:41 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:53:33:53:47 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:53:33:53:47 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:54:33:54:55 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:54:33:54:55 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:55:40:55:54 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:55:40:55:54 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:57:33:57:47 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:57:33:57:47 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:59:31:59:45 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:59:31:59:45 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:61:26:61:40 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:61:26:61:40 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:63:26:63:40 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:63:26:63:40 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:65:34:65:48 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:65:34:65:48 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:67:35:67:49 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:67:35:67:49 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:69:30:69:44 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:69:30:69:44 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:71:22:71:36 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:71:22:71:36 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:73:30:73:44 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:73:30:73:44 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:75:21:75:35 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:75:21:75:35 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:77:26:77:40 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:77:26:77:40 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:79:33:79:47 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:79:33:79:47 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:81:33:81:47 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:81:33:81:47 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:82:33:82:47 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:82:33:82:47 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:84:31:84:45 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:84:31:84:45 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:86:21:86:35 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:86:21:86:35 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:87:21:87:35 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:87:21:87:35 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:88:21:88:35 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:88:21:88:35 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:90:27:90:41 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:90:27:90:41 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:91:27:91:41 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:91:27:91:41 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:93:26:93:40 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:93:26:93:40 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:95:35:95:49 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:95:35:95:49 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:97:41:97:57 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:97:41:97:57 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:99:45:99:61 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:99:45:99:61 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:104:30:104:44 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:104:30:104:44 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:106:40:106:81 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:106:40:106:81 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:108:34:108:75 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:108:34:108:75 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:110:34:110:75 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:110:34:110:75 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:112:23:112:37 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:112:23:112:37 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:117:23:117:37 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:117:23:117:37 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:122:23:122:40 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:122:23:122:40 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:124:20:124:34 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:124:20:124:34 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:126:21:126:35 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:126:21:126:35 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:128:22:128:36 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:128:22:128:36 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:133:20:133:34 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:133:20:133:34 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:135:19:135:33 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:135:19:135:33 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
-| mad/Test.java:140:20:140:36 | (...)... | mad/Test.java:28:16:28:36 | getHostName(...) : String | mad/Test.java:140:20:140:36 | (...)... | This path depends on a $@. | mad/Test.java:28:16:28:36 | getHostName(...) | user-provided value |
+| mad/Test.java:34:52:34:68 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:34:52:34:68 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:36:32:36:48 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:36:32:36:48 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:38:47:38:63 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:38:47:38:63 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:40:39:40:53 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:40:39:40:53 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:42:31:42:45 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:42:31:42:45 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:44:29:44:43 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:44:29:44:43 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:46:24:46:38 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:46:24:46:38 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:48:9:48:41 | new FileReader(...) | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:48:24:48:40 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:50:20:50:34 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:50:20:50:34 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:51:20:51:34 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:51:20:51:34 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:52:20:52:41 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:52:20:52:41 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:54:33:54:47 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:54:33:54:47 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:55:33:55:55 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:55:33:55:55 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:56:40:56:54 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:56:40:56:54 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:58:33:58:47 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:58:33:58:47 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:60:31:60:45 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:60:31:60:45 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:62:26:62:40 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:62:26:62:40 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:64:26:64:40 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:64:26:64:40 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:66:34:66:48 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:66:34:66:48 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:68:35:68:49 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:68:35:68:49 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:70:30:70:44 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:70:30:70:44 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:72:22:72:36 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:72:22:72:36 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:74:30:74:44 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:74:30:74:44 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:76:21:76:35 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:76:21:76:35 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:78:26:78:40 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:78:26:78:40 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:80:33:80:47 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:80:33:80:47 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:82:33:82:47 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:82:33:82:47 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:83:33:83:47 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:83:33:83:47 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:85:31:85:45 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:85:31:85:45 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:87:21:87:35 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:87:21:87:35 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:88:21:88:35 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:88:21:88:35 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:89:21:89:35 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:89:21:89:35 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:91:27:91:41 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:91:27:91:41 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:92:27:92:41 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:92:27:92:41 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:94:26:94:40 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:94:26:94:40 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:96:35:96:49 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:96:35:96:49 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:98:41:98:57 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:98:41:98:57 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:100:45:100:61 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:100:45:100:61 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:102:43:102:57 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:102:43:102:57 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:104:28:104:42 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:104:28:104:42 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:106:41:106:55 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:106:41:106:55 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:111:30:111:44 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:111:30:111:44 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:113:40:113:81 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:113:40:113:81 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:115:34:115:75 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:115:34:115:75 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:117:34:117:75 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:117:34:117:75 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:119:23:119:37 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:119:23:119:37 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:124:23:124:37 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:124:23:124:37 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:129:23:129:40 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:129:23:129:40 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:131:20:131:34 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:131:20:131:34 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:133:21:133:35 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:133:21:133:35 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:135:22:135:36 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:135:22:135:36 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:140:20:140:34 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:140:20:140:34 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:142:19:142:33 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:142:19:142:33 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
+| mad/Test.java:147:20:147:36 | (...)... | mad/Test.java:29:16:29:36 | getHostName(...) : String | mad/Test.java:147:20:147:36 | (...)... | This path depends on a $@. | mad/Test.java:29:16:29:36 | getHostName(...) | user-provided value |
--- a/java/ql/test/query-tests/security/CWE-022/semmle/tests/mad/Test.java
+++ b/java/ql/test/query-tests/security/CWE-022/semmle/tests/mad/Test.java
@@ -19,6 +19,7 @@ import org.apache.tools.ant.types.FileSet;
 import org.codehaus.cargo.container.installer.ZipURLInstaller;
 import org.kohsuke.stapler.framework.io.LargeText;
 import org.openjdk.jmh.runner.options.ChainedOptionsBuilder;
+import org.springframework.util.FileCopyUtils;

 public class Test {

@@ -97,6 +98,12 @@ public class Test {
        new ZipURLInstaller((URL) null, (String) source(), "");
        // "org.codehaus.cargo.container.installer;ZipURLInstaller;true;ZipURLInstaller;(URL,String,String);;Argument[2];create-file;ai-generated"
        new ZipURLInstaller((URL) null, "", (String) source());
+        // "org.springframework.util;FileCopyUtils;false;copy;(byte[],File);;Argument[1];create-file;manual"
+        FileCopyUtils.copy((byte[]) null, (File) source());
+        // "org.springframework.util;FileCopyUtils;false;copy;(File,File);;Argument[0];create-file;manual"
+        FileCopyUtils.copy((File) source(), null);
+        // "org.springframework.util;FileCopyUtils;false;copy;(File,File);;Argument[1];create-file;manual"
+        FileCopyUtils.copy((File) null, (File) source());
    }

    void test(AntClassLoader acl) {
--- a/java/ql/test/query-tests/security/CWE-022/semmle/tests/options
+++ b/java/ql/test/query-tests/security/CWE-022/semmle/tests/options
@@ -1 +1 @@
-// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/servlet-api-2.4:${testdir}/../../../../../stubs/apache-commons-io-2.6:${testdir}/../../../../../stubs/cargo:${testdir}/../../../../../stubs/apache-ant-1.10.13:${testdir}/../../../../../stubs/stapler-1.263:${testdir}/../../../../../stubs/javax-servlet-2.5:${testdir}/../../../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../../../stubs/saxon-xqj-9.x:${testdir}/../../../../../stubs/apache-commons-beanutils:${testdir}/../../../../../stubs/dom4j-2.1.1:${testdir}/../../../../../stubs/apache-commons-lang:${testdir}/../../../../../stubs/jaxen-1.2.0:${testdir}/../../../../../stubs/jmh-1.3.6
+// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/servlet-api-2.4:${testdir}/../../../../../stubs/apache-commons-io-2.6:${testdir}/../../../../../stubs/cargo:${testdir}/../../../../../stubs/apache-ant-1.10.13:${testdir}/../../../../../stubs/stapler-1.263:${testdir}/../../../../../stubs/javax-servlet-2.5:${testdir}/../../../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../../../stubs/saxon-xqj-9.x:${testdir}/../../../../../stubs/apache-commons-beanutils:${testdir}/../../../../../stubs/dom4j-2.1.1:${testdir}/../../../../../stubs/apache-commons-lang:${testdir}/../../../../../stubs/jaxen-1.2.0:${testdir}/../../../../../stubs/jmh-1.3.6:${testdir}/../../../../../stubs/springframework-5.3.8
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlow.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlow.qll
@@ -361,3 +361,52 @@ module MergePathGraph<
    }
  }
 }
+
+/**
+ * Constructs a `PathGraph` from three `PathGraph`s by disjoint union.
+ */
+module MergePathGraph3<
+  PathNodeSig PathNode1, PathNodeSig PathNode2, PathNodeSig PathNode3,
+  PathGraphSig<PathNode1> Graph1, PathGraphSig<PathNode2> Graph2, PathGraphSig<PathNode3> Graph3>
+{
+  private module MergedInner = MergePathGraph<PathNode1, PathNode2, Graph1, Graph2>;
+
+  private module Merged =
+    MergePathGraph<MergedInner::PathNode, PathNode3, MergedInner::PathGraph, Graph3>;
+
+  /** A node in a graph of path explanations that is formed by disjoint union of the three given graphs. */
+  class PathNode instanceof Merged::PathNode {
+    /** Gets this as a projection on the first given `PathGraph`. */
+    PathNode1 asPathNode1() { result = super.asPathNode1().asPathNode1() }
+
+    /** Gets this as a projection on the second given `PathGraph`. */
+    PathNode2 asPathNode2() { result = super.asPathNode1().asPathNode2() }
+
+    /** Gets this as a projection on the third given `PathGraph`. */
+    PathNode3 asPathNode3() { result = super.asPathNode2() }
+
+    /** Gets a textual representation of this element. */
+    string toString() { result = super.toString() }
+
+    /**
+     * Holds if this element is at the specified location.
+     * The location spans column `startcolumn` of line `startline` to
+     * column `endcolumn` of line `endline` in file `filepath`.
+     * For more information, see
+     * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+     */
+    predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      super.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
+
+    /** Gets the underlying `Node`. */
+    Node getNode() { result = super.getNode() }
+  }
+
+  /**
+   * Provides the query predicates needed to include a graph in a path-problem query.
+   */
+  module PathGraph = Merged::PathGraph;
+}
--- a/python/ql/src/Security/CWE-295/MissingHostKeyValidation.ql
+++ b/python/ql/src/Security/CWE-295/MissingHostKeyValidation.ql
@@ -16,11 +16,17 @@ import semmle.python.ApiGraphs

 private API::Node unsafe_paramiko_policy(string name) {
  name in ["AutoAddPolicy", "WarningPolicy"] and
-  result = API::moduleImport("paramiko").getMember("client").getMember(name)
+  (
+    result = API::moduleImport("paramiko").getMember("client").getMember(name)
+    or
+    result = API::moduleImport("paramiko").getMember(name)
+  )
 }

 private API::Node paramikoSshClientInstance() {
  result = API::moduleImport("paramiko").getMember("client").getMember("SSHClient").getReturn()
+  or
+  result = API::moduleImport("paramiko").getMember("SSHClient").getReturn()
 }

 from DataFlow::CallCfgNode call, DataFlow::Node arg, string name
--- a/python/ql/test/query-tests/Security/CWE-295-MissingHostKeyValidation/MissingHostKeyValidation.expected
+++ b/python/ql/test/query-tests/Security/CWE-295-MissingHostKeyValidation/MissingHostKeyValidation.expected
@@ -2,3 +2,4 @@
 | paramiko_host_key.py:7:1:7:49 | ControlFlowNode for Attribute() | Setting missing host key policy to WarningPolicy may be unsafe. |
 | paramiko_host_key.py:11:1:11:51 | ControlFlowNode for Attribute() | Setting missing host key policy to AutoAddPolicy may be unsafe. |
 | paramiko_host_key.py:13:1:13:51 | ControlFlowNode for Attribute() | Setting missing host key policy to WarningPolicy may be unsafe. |
+| paramiko_host_key.py:20:1:20:58 | ControlFlowNode for Attribute() | Setting missing host key policy to AutoAddPolicy may be unsafe. |
--- a/python/ql/test/query-tests/Security/CWE-295-MissingHostKeyValidation/paramiko_host_key.py
+++ b/python/ql/test/query-tests/Security/CWE-295-MissingHostKeyValidation/paramiko_host_key.py
@@ -11,3 +11,10 @@ client.set_missing_host_key_policy(WarningPolicy) # bad
 client.set_missing_host_key_policy(AutoAddPolicy()) # bad
 client.set_missing_host_key_policy(RejectPolicy())  # good
 client.set_missing_host_key_policy(WarningPolicy()) # bad
+
+# different import
+
+import paramiko
+
+client = paramiko.SSHClient()
+client.set_missing_host_key_policy(paramiko.AutoAddPolicy) # bad
--- a/ruby/ql/lib/codeql/ruby/ast/internal/Synthesis.qll
+++ b/ruby/ql/lib/codeql/ruby/ast/internal/Synthesis.qll
@@ -952,6 +952,8 @@ private module DestructuredAssignDesugar {
  }

  abstract private class LhsWithReceiver extends Expr {
+    LhsWithReceiver() { this = any(DestructuredAssignExpr dae).getElement(_) }
+
    abstract Expr getReceiver();

    abstract SynthKind getSynthKind();
@@ -960,8 +962,14 @@ private module DestructuredAssignDesugar {
  private class LhsCall extends LhsWithReceiver instanceof MethodCall {
    final override Expr getReceiver() { result = MethodCall.super.getReceiver() }

+    pragma[nomagic]
+    private string getMethodName(int args) {
+      result = super.getMethodName() and
+      args = super.getNumberOfArguments()
+    }
+
    final override SynthKind getSynthKind() {
-      result = MethodCallKind(super.getMethodName(), false, super.getNumberOfArguments())
+      exists(int args | result = MethodCallKind(this.getMethodName(args), false, args))
    }
  }

@@ -1154,9 +1162,7 @@ private module DestructuredAssignDesugar {
      )
    }

-    final override predicate excludeFromControlFlowTree(AstNode n) {
-      n = any(DestructuredAssignExpr tae).getElement(_).(LhsWithReceiver)
-    }
+    final override predicate excludeFromControlFlowTree(AstNode n) { n instanceof LhsWithReceiver }
  }
 }

@@ -1211,12 +1217,11 @@ private module HashLiteralDesugar {
      child = SynthChild(MethodCallKind("[]", false, hl.getNumberOfElements()))
      or
      parent = TMethodCallSynth(hl, -1, _, _, _) and
-      (
-        i = 0 and
-        child = SynthChild(ConstantReadAccessKind("::Hash"))
-        or
-        child = childRef(hl.getElement(i - 1))
-      )
+      i = 0 and
+      child = SynthChild(ConstantReadAccessKind("::Hash"))
+      or
+      parent = TMethodCallSynth(hl, -1, _, _, _) and
+      child = childRef(hl.getElement(i - 1))
    )
  }

--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlow.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlow.qll
@@ -361,3 +361,52 @@ module MergePathGraph<
    }
  }
 }
+
+/**
+ * Constructs a `PathGraph` from three `PathGraph`s by disjoint union.
+ */
+module MergePathGraph3<
+  PathNodeSig PathNode1, PathNodeSig PathNode2, PathNodeSig PathNode3,
+  PathGraphSig<PathNode1> Graph1, PathGraphSig<PathNode2> Graph2, PathGraphSig<PathNode3> Graph3>
+{
+  private module MergedInner = MergePathGraph<PathNode1, PathNode2, Graph1, Graph2>;
+
+  private module Merged =
+    MergePathGraph<MergedInner::PathNode, PathNode3, MergedInner::PathGraph, Graph3>;
+
+  /** A node in a graph of path explanations that is formed by disjoint union of the three given graphs. */
+  class PathNode instanceof Merged::PathNode {
+    /** Gets this as a projection on the first given `PathGraph`. */
+    PathNode1 asPathNode1() { result = super.asPathNode1().asPathNode1() }
+
+    /** Gets this as a projection on the second given `PathGraph`. */
+    PathNode2 asPathNode2() { result = super.asPathNode1().asPathNode2() }
+
+    /** Gets this as a projection on the third given `PathGraph`. */
+    PathNode3 asPathNode3() { result = super.asPathNode2() }
+
+    /** Gets a textual representation of this element. */
+    string toString() { result = super.toString() }
+
+    /**
+     * Holds if this element is at the specified location.
+     * The location spans column `startcolumn` of line `startline` to
+     * column `endcolumn` of line `endline` in file `filepath`.
+     * For more information, see
+     * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+     */
+    predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      super.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
+
+    /** Gets the underlying `Node`. */
+    Node getNode() { result = super.getNode() }
+  }
+
+  /**
+   * Provides the query predicates needed to include a graph in a path-problem query.
+   */
+  module PathGraph = Merged::PathGraph;
+}
--- a/swift/extractor/SwiftExtractor.cpp
+++ b/swift/extractor/SwiftExtractor.cpp
@@ -14,6 +14,7 @@
 #include "swift/extractor/infra/SwiftLocationExtractor.h"
 #include "swift/extractor/infra/SwiftBodyEmissionStrategy.h"
 #include "swift/extractor/mangler/SwiftMangler.h"
+#include <picosha2.h>

 using namespace codeql;
 using namespace std::string_literals;
@@ -50,8 +51,20 @@ static fs::path getFilename(swift::ModuleDecl& module,
    return resolvePath(primaryFile->getFilename());
  }
  if (lazyDeclaration) {
+    // this code will be thrown away in the near future
    SwiftMangler mangler;
-    return mangler.mangledName(*lazyDeclaration);
+    auto mangled = mangler.mangledName(*lazyDeclaration);
+    // mangled name can be too long to use as a file name, so we can't use it directly
+    mangled = picosha2::hash256_hex_string(mangled);
+    std::string ret;
+    ret += module.getRealName().str();
+    ret += '_';
+    // lazyDeclaration must be a ValueDecl, as already asserted in SwiftMangler::mangledName
+    ret += llvm::cast<swift::ValueDecl>(lazyDeclaration)->getBaseName().userFacingName();
+    ret += '_';
+    // half a SHA2 is enough
+    ret += std::string_view(mangled).substr(0, mangled.size() / 2);
+    return ret;
  }
  // PCM clang module
  if (module.isNonSwiftModule()) {
--- a/swift/extractor/invocation/SwiftDiagnosticsConsumer.cpp
+++ b/swift/extractor/invocation/SwiftDiagnosticsConsumer.cpp
@@ -1,5 +1,5 @@
 #include "swift/extractor/invocation/SwiftDiagnosticsConsumer.h"
-#include "swift/extractor/trap/generated/TrapClasses.h"
+#include "swift/extractor/trap/generated/TrapEntries.h"
 #include "swift/extractor/trap/TrapDomain.h"
 #include "swift/extractor/infra/SwiftDiagnosticKind.h"

@@ -13,17 +13,13 @@ using namespace codeql;

 void SwiftDiagnosticsConsumer::handleDiagnostic(swift::SourceManager& sourceManager,
                                                const swift::DiagnosticInfo& diagInfo) {
-  if (diagInfo.IsChildNote) return;
-  Diagnostics diag{trap.createLabel<DiagnosticsTag>()};
+  auto message = getDiagMessage(sourceManager, diagInfo);
+  DiagnosticsTrap diag{};
+  diag.id = trap.createLabel<DiagnosticsTag>();
  diag.kind = translateDiagnosticsKind(diagInfo.Kind);
-  diag.text = getDiagMessage(sourceManager, diagInfo);
+  diag.text = message;
  trap.emit(diag);
-  locationExtractor.attachLocation(sourceManager, diagInfo.Loc, diag.id);
-
-  forwardToLog(sourceManager, diagInfo, diag.text);
-  for (const auto& child : diagInfo.ChildDiagnosticInfo) {
-    forwardToLog(sourceManager, *child);
-  }
+  locationExtractor.attachLocation(sourceManager, diagInfo.Loc, diagInfo.Loc, diag.id);
 }

 std::string SwiftDiagnosticsConsumer::getDiagMessage(swift::SourceManager& sourceManager,
@@ -33,29 +29,3 @@ std::string SwiftDiagnosticsConsumer::getDiagMessage(swift::SourceManager& sourc
  swift::DiagnosticEngine::formatDiagnosticText(out, diagInfo.FormatString, diagInfo.FormatArgs);
  return text.str().str();
 }
-
-void SwiftDiagnosticsConsumer::forwardToLog(swift::SourceManager& sourceManager,
-                                            const swift::DiagnosticInfo& diagInfo,
-                                            const std::string& message) {
-  auto file = sourceManager.getDisplayNameForLoc(diagInfo.Loc);
-  auto [line, column] = sourceManager.getLineAndColumnInBuffer(diagInfo.Loc);
-  using Kind = swift::DiagnosticKind;
-  switch (diagInfo.Kind) {
-    case Kind::Error:
-      LOG_ERROR("{}:{}:{} {}", file, line, column, message);
-      break;
-    case Kind::Warning:
-      LOG_WARNING("{}:{}:{} {}", file, line, column, message);
-      break;
-    case Kind::Remark:
-      LOG_INFO("{}:{}:{} {}", file, line, column, message);
-      break;
-    case Kind::Note:
-      LOG_DEBUG("{}:{}:{} {}", file, line, column, message);
-      break;
-    default:
-      LOG_ERROR("unknown diagnostic kind {}, {}:{}:{} {}", diagInfo.Kind, file, line, column,
-                message);
-      break;
-  }
-}
--- a/swift/extractor/invocation/SwiftDiagnosticsConsumer.h
+++ b/swift/extractor/invocation/SwiftDiagnosticsConsumer.h
@@ -2,7 +2,6 @@

 #include <swift/AST/DiagnosticConsumer.h>
 #include "swift/extractor/infra/SwiftLocationExtractor.h"
-#include "swift/extractor/infra/log/SwiftLogging.h"

 namespace codeql {

@@ -18,17 +17,8 @@ class SwiftDiagnosticsConsumer : public swift::DiagnosticConsumer {
 private:
  static std::string getDiagMessage(swift::SourceManager& sourceManager,
                                    const swift::DiagnosticInfo& diagInfo);
-  void forwardToLog(swift::SourceManager& sourceManager,
-                    const swift::DiagnosticInfo& diagInfo,
-                    const std::string& message);
-
-  void forwardToLog(swift::SourceManager& sourceManager, const swift::DiagnosticInfo& diagInfo) {
-    forwardToLog(sourceManager, diagInfo, getDiagMessage(sourceManager, diagInfo));
-  }
-
  TrapDomain& trap;
  SwiftLocationExtractor locationExtractor;
-  Logger logger{"compiler"};
 };

 }  // namespace codeql
--- a/swift/extractor/main.cpp
+++ b/swift/extractor/main.cpp
@@ -86,8 +86,6 @@ class Observer : public swift::FrontendObserver {
  }

  void configuredCompiler(swift::CompilerInstance& instance) override {
-    // remove default consumers to avoid double messaging
-    instance.getDiags().takeConsumers();
    instance.addDiagnosticConsumer(&diagConsumer);
  }

--- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlow.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlow.qll
@@ -361,3 +361,52 @@ module MergePathGraph<
    }
  }
 }
+
+/**
+ * Constructs a `PathGraph` from three `PathGraph`s by disjoint union.
+ */
+module MergePathGraph3<
+  PathNodeSig PathNode1, PathNodeSig PathNode2, PathNodeSig PathNode3,
+  PathGraphSig<PathNode1> Graph1, PathGraphSig<PathNode2> Graph2, PathGraphSig<PathNode3> Graph3>
+{
+  private module MergedInner = MergePathGraph<PathNode1, PathNode2, Graph1, Graph2>;
+
+  private module Merged =
+    MergePathGraph<MergedInner::PathNode, PathNode3, MergedInner::PathGraph, Graph3>;
+
+  /** A node in a graph of path explanations that is formed by disjoint union of the three given graphs. */
+  class PathNode instanceof Merged::PathNode {
+    /** Gets this as a projection on the first given `PathGraph`. */
+    PathNode1 asPathNode1() { result = super.asPathNode1().asPathNode1() }
+
+    /** Gets this as a projection on the second given `PathGraph`. */
+    PathNode2 asPathNode2() { result = super.asPathNode1().asPathNode2() }
+
+    /** Gets this as a projection on the third given `PathGraph`. */
+    PathNode3 asPathNode3() { result = super.asPathNode2() }
+
+    /** Gets a textual representation of this element. */
+    string toString() { result = super.toString() }
+
+    /**
+     * Holds if this element is at the specified location.
+     * The location spans column `startcolumn` of line `startline` to
+     * column `endcolumn` of line `endline` in file `filepath`.
+     * For more information, see
+     * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
+     */
+    predicate hasLocationInfo(
+      string filepath, int startline, int startcolumn, int endline, int endcolumn
+    ) {
+      super.hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
+    }
+
+    /** Gets the underlying `Node`. */
+    Node getNode() { result = super.getNode() }
+  }
+
+  /**
+   * Provides the query predicates needed to include a graph in a path-problem query.
+   */
+  module PathGraph = Merged::PathGraph;
+}
--- a/swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.ql
+++ b/swift/ql/src/queries/Security/CWE-094/UnsafeJsEval.ql
@@ -4,7 +4,7 @@
 * @kind path-problem
 * @problem.severity warning
 * @security-severity 9.3
- * @precision high
+ * @precision medium
 * @id swift/unsafe-js-eval
 * @tags security
 *       external/cwe/cwe-094