diff --git a/go/ql/test/example-tests/snippets/typeinfo.expected b/go/ql/test/example-tests/snippets/typeinfo.expected
index c78f79a49c3..cb3145e11d6 100644
--- a/go/ql/test/example-tests/snippets/typeinfo.expected
+++ b/go/ql/test/example-tests/snippets/typeinfo.expected
@@ -1,3 +1,8 @@
+| file://:0:0:0:0 | parameter 1 of ReadResponse |
+| file://:0:0:0:0 | parameter -1 of AddCookie |
+| file://:0:0:0:0 | parameter -1 of Clone |
+| file://:0:0:0:0 | parameter -1 of Write |
+| file://:0:0:0:0 | parameter -1 of WriteProxy |
 | main.go:18:12:18:14 | argument corresponding to req |
 | main.go:18:12:18:14 | definition of req |
 | main.go:20:5:20:7 | req |
diff --git a/go/ql/test/experimental/CWE-918/SSRF.expected b/go/ql/test/experimental/CWE-918/SSRF.expected
index bc4066b614e..8937bfd0db6 100644
--- a/go/ql/test/experimental/CWE-918/SSRF.expected
+++ b/go/ql/test/experimental/CWE-918/SSRF.expected
@@ -7,18 +7,11 @@ edges
 | file://:0:0:0:0 | parameter 0 of ReadAll | file://:0:0:0:0 | [summary] to write: return (return[0]) in ReadAll |
 | file://:0:0:0:0 | parameter 0 of TrimPrefix | file://:0:0:0:0 | [summary] to write: return (return[0]) in TrimPrefix |
 | file://:0:0:0:0 | parameter 0 of Unmarshal | file://:0:0:0:0 | [summary] to write: argument 1 in Unmarshal |
-| file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf |
 | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get |
 | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query |
-| new-tests.go:26:26:26:30 | &... | new-tests.go:31:48:31:56 | selection of word |
-| new-tests.go:26:26:26:30 | &... | new-tests.go:32:48:32:56 | selection of safe |
-| new-tests.go:26:26:26:30 | &... | new-tests.go:35:49:35:57 | selection of word |
-| new-tests.go:31:48:31:56 | selection of word | file://:0:0:0:0 | parameter 1 of Sprintf |
-| new-tests.go:31:48:31:56 | selection of word | new-tests.go:31:11:31:57 | call to Sprintf |
-| new-tests.go:32:48:32:56 | selection of safe | file://:0:0:0:0 | parameter 1 of Sprintf |
-| new-tests.go:32:48:32:56 | selection of safe | new-tests.go:32:11:32:57 | call to Sprintf |
-| new-tests.go:35:49:35:57 | selection of word | file://:0:0:0:0 | parameter 1 of Sprintf |
-| new-tests.go:35:49:35:57 | selection of word | new-tests.go:35:12:35:58 | call to Sprintf |
+| new-tests.go:26:26:26:30 | &... | new-tests.go:31:11:31:57 | call to Sprintf |
+| new-tests.go:26:26:26:30 | &... | new-tests.go:32:11:32:57 | call to Sprintf |
+| new-tests.go:26:26:26:30 | &... | new-tests.go:35:12:35:58 | call to Sprintf |
 | new-tests.go:39:18:39:30 | call to Param | new-tests.go:47:11:47:46 | ...+... |
 | new-tests.go:49:18:49:30 | call to Query | new-tests.go:50:11:50:46 | ...+... |
 | new-tests.go:62:2:62:39 | ... := ...[0] | new-tests.go:63:17:63:23 | reqBody |
@@ -26,15 +19,9 @@ edges
 | new-tests.go:62:31:62:38 | selection of Body | new-tests.go:62:2:62:39 | ... := ...[0] |
 | new-tests.go:63:17:63:23 | reqBody | file://:0:0:0:0 | parameter 0 of Unmarshal |
 | new-tests.go:63:17:63:23 | reqBody | new-tests.go:63:26:63:30 | &... |
-| new-tests.go:63:26:63:30 | &... | new-tests.go:68:48:68:56 | selection of word |
-| new-tests.go:63:26:63:30 | &... | new-tests.go:69:48:69:56 | selection of safe |
-| new-tests.go:63:26:63:30 | &... | new-tests.go:74:49:74:57 | selection of word |
-| new-tests.go:68:48:68:56 | selection of word | file://:0:0:0:0 | parameter 1 of Sprintf |
-| new-tests.go:68:48:68:56 | selection of word | new-tests.go:68:11:68:57 | call to Sprintf |
-| new-tests.go:69:48:69:56 | selection of safe | file://:0:0:0:0 | parameter 1 of Sprintf |
-| new-tests.go:69:48:69:56 | selection of safe | new-tests.go:69:11:69:57 | call to Sprintf |
-| new-tests.go:74:49:74:57 | selection of word | file://:0:0:0:0 | parameter 1 of Sprintf |
-| new-tests.go:74:49:74:57 | selection of word | new-tests.go:74:12:74:58 | call to Sprintf |
+| new-tests.go:63:26:63:30 | &... | new-tests.go:68:11:68:57 | call to Sprintf |
+| new-tests.go:63:26:63:30 | &... | new-tests.go:69:11:69:57 | call to Sprintf |
+| new-tests.go:63:26:63:30 | &... | new-tests.go:74:12:74:58 | call to Sprintf |
 | new-tests.go:78:18:78:24 | selection of URL | file://:0:0:0:0 | parameter -1 of Query |
 | new-tests.go:78:18:78:24 | selection of URL | new-tests.go:78:18:78:32 | call to Query |
 | new-tests.go:78:18:78:32 | call to Query | file://:0:0:0:0 | parameter -1 of Get |
@@ -61,21 +48,16 @@ nodes
 | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | semmle.label | [summary] to write: return (return[0]) in Get |
 | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | semmle.label | [summary] to write: return (return[0]) in Query |
 | file://:0:0:0:0 | [summary] to write: return (return[0]) in ReadAll | semmle.label | [summary] to write: return (return[0]) in ReadAll |
-| file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | semmle.label | [summary] to write: return (return[0]) in Sprintf |
 | file://:0:0:0:0 | [summary] to write: return (return[0]) in TrimPrefix | semmle.label | [summary] to write: return (return[0]) in TrimPrefix |
 | file://:0:0:0:0 | parameter 0 of ReadAll | semmle.label | parameter 0 of ReadAll |
 | file://:0:0:0:0 | parameter 0 of TrimPrefix | semmle.label | parameter 0 of TrimPrefix |
 | file://:0:0:0:0 | parameter 0 of Unmarshal | semmle.label | parameter 0 of Unmarshal |
-| file://:0:0:0:0 | parameter 1 of Sprintf | semmle.label | parameter 1 of Sprintf |
 | file://:0:0:0:0 | parameter -1 of Get | semmle.label | parameter -1 of Get |
 | file://:0:0:0:0 | parameter -1 of Query | semmle.label | parameter -1 of Query |
 | new-tests.go:26:26:26:30 | &... | semmle.label | &... |
 | new-tests.go:31:11:31:57 | call to Sprintf | semmle.label | call to Sprintf |
-| new-tests.go:31:48:31:56 | selection of word | semmle.label | selection of word |
 | new-tests.go:32:11:32:57 | call to Sprintf | semmle.label | call to Sprintf |
-| new-tests.go:32:48:32:56 | selection of safe | semmle.label | selection of safe |
 | new-tests.go:35:12:35:58 | call to Sprintf | semmle.label | call to Sprintf |
-| new-tests.go:35:49:35:57 | selection of word | semmle.label | selection of word |
 | new-tests.go:39:18:39:30 | call to Param | semmle.label | call to Param |
 | new-tests.go:47:11:47:46 | ...+... | semmle.label | ...+... |
 | new-tests.go:49:18:49:30 | call to Query | semmle.label | call to Query |
@@ -85,11 +67,8 @@ nodes
 | new-tests.go:63:17:63:23 | reqBody | semmle.label | reqBody |
 | new-tests.go:63:26:63:30 | &... | semmle.label | &... |
 | new-tests.go:68:11:68:57 | call to Sprintf | semmle.label | call to Sprintf |
-| new-tests.go:68:48:68:56 | selection of word | semmle.label | selection of word |
 | new-tests.go:69:11:69:57 | call to Sprintf | semmle.label | call to Sprintf |
-| new-tests.go:69:48:69:56 | selection of safe | semmle.label | selection of safe |
 | new-tests.go:74:12:74:58 | call to Sprintf | semmle.label | call to Sprintf |
-| new-tests.go:74:49:74:57 | selection of word | semmle.label | selection of word |
 | new-tests.go:78:18:78:24 | selection of URL | semmle.label | selection of URL |
 | new-tests.go:78:18:78:32 | call to Query | semmle.label | call to Query |
 | new-tests.go:78:18:78:46 | call to Get | semmle.label | call to Get |
@@ -103,14 +82,8 @@ nodes
 | new-tests.go:95:18:95:45 | call to URLParam | semmle.label | call to URLParam |
 | new-tests.go:96:11:96:46 | ...+... | semmle.label | ...+... |
 subpaths
-| new-tests.go:31:48:31:56 | selection of word | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | new-tests.go:31:11:31:57 | call to Sprintf |
-| new-tests.go:32:48:32:56 | selection of safe | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | new-tests.go:32:11:32:57 | call to Sprintf |
-| new-tests.go:35:49:35:57 | selection of word | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | new-tests.go:35:12:35:58 | call to Sprintf |
 | new-tests.go:62:31:62:38 | selection of Body | file://:0:0:0:0 | parameter 0 of ReadAll | file://:0:0:0:0 | [summary] to write: return (return[0]) in ReadAll | new-tests.go:62:2:62:39 | ... := ...[0] |
 | new-tests.go:63:17:63:23 | reqBody | file://:0:0:0:0 | parameter 0 of Unmarshal | file://:0:0:0:0 | [summary] to write: argument 1 in Unmarshal | new-tests.go:63:26:63:30 | &... |
-| new-tests.go:68:48:68:56 | selection of word | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | new-tests.go:68:11:68:57 | call to Sprintf |
-| new-tests.go:69:48:69:56 | selection of safe | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | new-tests.go:69:11:69:57 | call to Sprintf |
-| new-tests.go:74:49:74:57 | selection of word | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | new-tests.go:74:12:74:58 | call to Sprintf |
 | new-tests.go:78:18:78:24 | selection of URL | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | new-tests.go:78:18:78:32 | call to Query |
 | new-tests.go:78:18:78:32 | call to Query | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | new-tests.go:78:18:78:46 | call to Get |
 | new-tests.go:81:37:81:48 | selection of Path | file://:0:0:0:0 | parameter 0 of TrimPrefix | file://:0:0:0:0 | [summary] to write: return (return[0]) in TrimPrefix | new-tests.go:81:18:81:67 | call to TrimPrefix |
diff --git a/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected b/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected
index 3e26f767b5e..dd6db54e381 100644
--- a/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected
+++ b/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected
@@ -1,14 +1,21 @@
 edges
-| TaintedPath.go:13:18:13:22 | selection of URL | TaintedPath.go:16:29:16:40 | tainted_path |
-| TaintedPath.go:13:18:13:22 | selection of URL | TaintedPath.go:20:28:20:69 | call to Join |
+| TaintedPath.go:13:18:13:22 | selection of URL | TaintedPath.go:13:18:13:30 | call to Query |
+| TaintedPath.go:13:18:13:22 | selection of URL | file://:0:0:0:0 | parameter -1 of Query |
+| TaintedPath.go:13:18:13:30 | call to Query | TaintedPath.go:16:29:16:40 | tainted_path |
+| TaintedPath.go:13:18:13:30 | call to Query | TaintedPath.go:20:28:20:69 | call to Join |
+| file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query |
 | tst.go:14:2:14:39 | ... := ...[1] | tst.go:17:41:17:56 | selection of Filename |
 nodes
 | TaintedPath.go:13:18:13:22 | selection of URL | semmle.label | selection of URL |
+| TaintedPath.go:13:18:13:30 | call to Query | semmle.label | call to Query |
 | TaintedPath.go:16:29:16:40 | tainted_path | semmle.label | tainted_path |
 | TaintedPath.go:20:28:20:69 | call to Join | semmle.label | call to Join |
+| file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | semmle.label | [summary] to write: return (return[0]) in Query |
+| file://:0:0:0:0 | parameter -1 of Query | semmle.label | parameter -1 of Query |
 | tst.go:14:2:14:39 | ... := ...[1] | semmle.label | ... := ...[1] |
 | tst.go:17:41:17:56 | selection of Filename | semmle.label | selection of Filename |
 subpaths
+| TaintedPath.go:13:18:13:22 | selection of URL | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | TaintedPath.go:13:18:13:30 | call to Query |
 #select
 | TaintedPath.go:16:29:16:40 | tainted_path | TaintedPath.go:13:18:13:22 | selection of URL | TaintedPath.go:16:29:16:40 | tainted_path | This path depends on a $@. | TaintedPath.go:13:18:13:22 | selection of URL | user-provided value |
 | TaintedPath.go:20:28:20:69 | call to Join | TaintedPath.go:13:18:13:22 | selection of URL | TaintedPath.go:20:28:20:69 | call to Join | This path depends on a $@. | TaintedPath.go:13:18:13:22 | selection of URL | user-provided value |
diff --git a/go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected b/go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected
index 1506632f5c5..5b1da4f4d55 100644
--- a/go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected
+++ b/go/ql/test/query-tests/Security/CWE-022/ZipSlip.expected
@@ -4,8 +4,15 @@ edges
 | UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] | UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name |
 | UnsafeUnzipSymlinkGood.go:76:24:76:38 | selection of Linkname | UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate |
 | UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name | UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate |
-| ZipSlip.go:11:2:15:2 | range statement[1] | ZipSlip.go:14:20:14:20 | p |
-| tarslip.go:15:2:15:30 | ... := ...[0] | tarslip.go:16:14:16:34 | call to Dir |
+| ZipSlip.go:11:2:15:2 | range statement[1] | ZipSlip.go:12:24:12:29 | selection of Name |
+| ZipSlip.go:12:3:12:30 | ... := ...[0] | ZipSlip.go:14:20:14:20 | p |
+| ZipSlip.go:12:24:12:29 | selection of Name | ZipSlip.go:12:3:12:30 | ... := ...[0] |
+| ZipSlip.go:12:24:12:29 | selection of Name | file://:0:0:0:0 | parameter 0 of Abs |
+| file://:0:0:0:0 | parameter 0 of Abs | file://:0:0:0:0 | [summary] to write: return (return[0]) in Abs |
+| file://:0:0:0:0 | parameter 0 of Dir | file://:0:0:0:0 | [summary] to write: return (return[0]) in Dir |
+| tarslip.go:15:2:15:30 | ... := ...[0] | tarslip.go:16:23:16:33 | selection of Name |
+| tarslip.go:16:23:16:33 | selection of Name | file://:0:0:0:0 | parameter 0 of Dir |
+| tarslip.go:16:23:16:33 | selection of Name | tarslip.go:16:14:16:34 | call to Dir |
 | tst.go:23:2:43:2 | range statement[1] | tst.go:29:20:29:23 | path |
 nodes
 | UnsafeUnzipSymlinkGood.go:52:24:52:32 | definition of candidate | semmle.label | definition of candidate |
@@ -14,12 +21,21 @@ nodes
 | UnsafeUnzipSymlinkGood.go:76:24:76:38 | selection of Linkname | semmle.label | selection of Linkname |
 | UnsafeUnzipSymlinkGood.go:76:70:76:80 | selection of Name | semmle.label | selection of Name |
 | ZipSlip.go:11:2:15:2 | range statement[1] | semmle.label | range statement[1] |
+| ZipSlip.go:12:3:12:30 | ... := ...[0] | semmle.label | ... := ...[0] |
+| ZipSlip.go:12:24:12:29 | selection of Name | semmle.label | selection of Name |
 | ZipSlip.go:14:20:14:20 | p | semmle.label | p |
+| file://:0:0:0:0 | [summary] to write: return (return[0]) in Abs | semmle.label | [summary] to write: return (return[0]) in Abs |
+| file://:0:0:0:0 | [summary] to write: return (return[0]) in Dir | semmle.label | [summary] to write: return (return[0]) in Dir |
+| file://:0:0:0:0 | parameter 0 of Abs | semmle.label | parameter 0 of Abs |
+| file://:0:0:0:0 | parameter 0 of Dir | semmle.label | parameter 0 of Dir |
 | tarslip.go:15:2:15:30 | ... := ...[0] | semmle.label | ... := ...[0] |
 | tarslip.go:16:14:16:34 | call to Dir | semmle.label | call to Dir |
+| tarslip.go:16:23:16:33 | selection of Name | semmle.label | selection of Name |
 | tst.go:23:2:43:2 | range statement[1] | semmle.label | range statement[1] |
 | tst.go:29:20:29:23 | path | semmle.label | path |
 subpaths
+| ZipSlip.go:12:24:12:29 | selection of Name | file://:0:0:0:0 | parameter 0 of Abs | file://:0:0:0:0 | [summary] to write: return (return[0]) in Abs | ZipSlip.go:12:3:12:30 | ... := ...[0] |
+| tarslip.go:16:23:16:33 | selection of Name | file://:0:0:0:0 | parameter 0 of Dir | file://:0:0:0:0 | [summary] to write: return (return[0]) in Dir | tarslip.go:16:14:16:34 | call to Dir |
 #select
 | UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] | UnsafeUnzipSymlinkGood.go:72:3:72:25 | ... := ...[0] | UnsafeUnzipSymlinkGood.go:61:31:61:62 | call to Join | Unsanitized archive entry, which may contain '..', is used in a $@. | UnsafeUnzipSymlinkGood.go:61:31:61:62 | call to Join | file system operation |
 | ZipSlip.go:11:2:15:2 | range statement[1] | ZipSlip.go:11:2:15:2 | range statement[1] | ZipSlip.go:14:20:14:20 | p | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.go:14:20:14:20 | p | file system operation |
diff --git a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected
index b55f04d6eed..ecf4ef9bedf 100644
--- a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected
+++ b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected
@@ -1,48 +1,65 @@
 edges
-| ArgumentInjection.go:9:10:9:16 | selection of URL | ArgumentInjection.go:10:31:10:34 | path |
-| CommandInjection.go:9:13:9:19 | selection of URL | CommandInjection.go:10:22:10:28 | cmdName |
-| GitSubcommands.go:10:13:10:19 | selection of URL | GitSubcommands.go:12:31:12:37 | tainted |
-| GitSubcommands.go:10:13:10:19 | selection of URL | GitSubcommands.go:13:31:13:37 | tainted |
-| GitSubcommands.go:10:13:10:19 | selection of URL | GitSubcommands.go:14:30:14:36 | tainted |
-| GitSubcommands.go:10:13:10:19 | selection of URL | GitSubcommands.go:15:35:15:41 | tainted |
-| GitSubcommands.go:10:13:10:19 | selection of URL | GitSubcommands.go:16:36:16:42 | tainted |
-| SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:14:23:14:33 | slice expression |
-| SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:40:23:40:30 | arrayLit |
-| SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:54:23:54:30 | arrayLit |
-| SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:70:23:70:30 | arrayLit |
-| SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:80:23:80:29 | tainted |
-| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:96:24:96:34 | slice expression |
-| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:101:24:101:34 | slice expression |
-| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:105:30:105:36 | tainted |
-| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:106:24:106:31 | arrayLit |
-| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:112:24:112:31 | arrayLit |
-| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:118:24:118:31 | arrayLit |
-| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:124:24:124:31 | arrayLit |
-| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:130:24:130:31 | arrayLit |
-| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:137:24:137:31 | arrayLit |
-| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:144:24:144:31 | arrayLit |
-| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:148:30:148:36 | tainted |
-| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:152:24:152:30 | tainted |
+| ArgumentInjection.go:9:10:9:16 | selection of URL | ArgumentInjection.go:9:10:9:24 | call to Query |
+| ArgumentInjection.go:9:10:9:16 | selection of URL | file://:0:0:0:0 | parameter -1 of Query |
+| ArgumentInjection.go:9:10:9:24 | call to Query | ArgumentInjection.go:10:31:10:34 | path |
+| CommandInjection.go:9:13:9:19 | selection of URL | CommandInjection.go:9:13:9:27 | call to Query |
+| CommandInjection.go:9:13:9:19 | selection of URL | file://:0:0:0:0 | parameter -1 of Query |
+| CommandInjection.go:9:13:9:27 | call to Query | CommandInjection.go:10:22:10:28 | cmdName |
+| GitSubcommands.go:10:13:10:19 | selection of URL | GitSubcommands.go:10:13:10:27 | call to Query |
+| GitSubcommands.go:10:13:10:19 | selection of URL | file://:0:0:0:0 | parameter -1 of Query |
+| GitSubcommands.go:10:13:10:27 | call to Query | GitSubcommands.go:12:31:12:37 | tainted |
+| GitSubcommands.go:10:13:10:27 | call to Query | GitSubcommands.go:13:31:13:37 | tainted |
+| GitSubcommands.go:10:13:10:27 | call to Query | GitSubcommands.go:14:30:14:36 | tainted |
+| GitSubcommands.go:10:13:10:27 | call to Query | GitSubcommands.go:15:35:15:41 | tainted |
+| GitSubcommands.go:10:13:10:27 | call to Query | GitSubcommands.go:16:36:16:42 | tainted |
+| SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:9:13:9:27 | call to Query |
+| SanitizingDoubleDash.go:9:13:9:19 | selection of URL | file://:0:0:0:0 | parameter -1 of Query |
+| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:14:23:14:33 | slice expression |
+| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:40:23:40:30 | arrayLit |
+| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:54:23:54:30 | arrayLit |
+| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:70:23:70:30 | arrayLit |
+| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:80:23:80:29 | tainted |
+| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | SanitizingDoubleDash.go:92:13:92:27 | call to Query |
+| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | file://:0:0:0:0 | parameter -1 of Query |
+| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:96:24:96:34 | slice expression |
+| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:101:24:101:34 | slice expression |
+| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:105:30:105:36 | tainted |
+| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:106:24:106:31 | arrayLit |
+| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:112:24:112:31 | arrayLit |
+| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:118:24:118:31 | arrayLit |
+| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:124:24:124:31 | arrayLit |
+| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:130:24:130:31 | arrayLit |
+| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:137:24:137:31 | arrayLit |
+| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:144:24:144:31 | arrayLit |
+| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:148:30:148:36 | tainted |
+| SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:152:24:152:30 | tainted |
 | SanitizingDoubleDash.go:105:15:105:37 | slice literal [array] | SanitizingDoubleDash.go:106:24:106:31 | arrayLit |
 | SanitizingDoubleDash.go:105:30:105:36 | tainted | SanitizingDoubleDash.go:105:15:105:37 | slice literal [array] |
+| file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query |
+| file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query |
 nodes
 | ArgumentInjection.go:9:10:9:16 | selection of URL | semmle.label | selection of URL |
+| ArgumentInjection.go:9:10:9:24 | call to Query | semmle.label | call to Query |
 | ArgumentInjection.go:10:31:10:34 | path | semmle.label | path |
 | CommandInjection.go:9:13:9:19 | selection of URL | semmle.label | selection of URL |
+| CommandInjection.go:9:13:9:27 | call to Query | semmle.label | call to Query |
 | CommandInjection.go:10:22:10:28 | cmdName | semmle.label | cmdName |
 | GitSubcommands.go:10:13:10:19 | selection of URL | semmle.label | selection of URL |
+| GitSubcommands.go:10:13:10:27 | call to Query | semmle.label | call to Query |
 | GitSubcommands.go:12:31:12:37 | tainted | semmle.label | tainted |
 | GitSubcommands.go:13:31:13:37 | tainted | semmle.label | tainted |
 | GitSubcommands.go:14:30:14:36 | tainted | semmle.label | tainted |
 | GitSubcommands.go:15:35:15:41 | tainted | semmle.label | tainted |
 | GitSubcommands.go:16:36:16:42 | tainted | semmle.label | tainted |
 | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | semmle.label | selection of URL |
+| SanitizingDoubleDash.go:9:13:9:27 | call to Query | semmle.label | call to Query |
 | SanitizingDoubleDash.go:14:23:14:33 | slice expression | semmle.label | slice expression |
 | SanitizingDoubleDash.go:40:23:40:30 | arrayLit | semmle.label | arrayLit |
 | SanitizingDoubleDash.go:54:23:54:30 | arrayLit | semmle.label | arrayLit |
 | SanitizingDoubleDash.go:70:23:70:30 | arrayLit | semmle.label | arrayLit |
 | SanitizingDoubleDash.go:80:23:80:29 | tainted | semmle.label | tainted |
 | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | semmle.label | selection of URL |
+| SanitizingDoubleDash.go:92:13:92:27 | call to Query | semmle.label | call to Query |
 | SanitizingDoubleDash.go:96:24:96:34 | slice expression | semmle.label | slice expression |
 | SanitizingDoubleDash.go:101:24:101:34 | slice expression | semmle.label | slice expression |
 | SanitizingDoubleDash.go:105:15:105:37 | slice literal [array] | semmle.label | slice literal [array] |
@@ -56,7 +73,16 @@ nodes
 | SanitizingDoubleDash.go:144:24:144:31 | arrayLit | semmle.label | arrayLit |
 | SanitizingDoubleDash.go:148:30:148:36 | tainted | semmle.label | tainted |
 | SanitizingDoubleDash.go:152:24:152:30 | tainted | semmle.label | tainted |
+| file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | semmle.label | [summary] to write: return (return[0]) in Query |
+| file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | semmle.label | [summary] to write: return (return[0]) in Query |
+| file://:0:0:0:0 | parameter -1 of Query | semmle.label | parameter -1 of Query |
+| file://:0:0:0:0 | parameter -1 of Query | semmle.label | parameter -1 of Query |
 subpaths
+| ArgumentInjection.go:9:10:9:16 | selection of URL | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | ArgumentInjection.go:9:10:9:24 | call to Query |
+| CommandInjection.go:9:13:9:19 | selection of URL | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | CommandInjection.go:9:13:9:27 | call to Query |
+| GitSubcommands.go:10:13:10:19 | selection of URL | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | GitSubcommands.go:10:13:10:27 | call to Query |
+| SanitizingDoubleDash.go:9:13:9:19 | selection of URL | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | SanitizingDoubleDash.go:9:13:9:27 | call to Query |
+| SanitizingDoubleDash.go:92:13:92:19 | selection of URL | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | SanitizingDoubleDash.go:92:13:92:27 | call to Query |
 #select
 | ArgumentInjection.go:10:31:10:34 | path | ArgumentInjection.go:9:10:9:16 | selection of URL | ArgumentInjection.go:10:31:10:34 | path | This command depends on a $@. | ArgumentInjection.go:9:10:9:16 | selection of URL | user-provided value |
 | CommandInjection.go:10:22:10:28 | cmdName | CommandInjection.go:9:13:9:19 | selection of URL | CommandInjection.go:10:22:10:28 | cmdName | This command depends on a $@. | CommandInjection.go:9:13:9:19 | selection of URL | user-provided value |
diff --git a/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected b/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected
index 9688fc81eeb..ea667480966 100644
--- a/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected
+++ b/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected
@@ -1,17 +1,8 @@
 edges
-| StoredCommand.go:11:2:11:27 | ... := ...[0] | StoredCommand.go:13:2:13:5 | rows |
-| StoredCommand.go:13:2:13:5 | rows | StoredCommand.go:13:12:13:19 | &... |
-| StoredCommand.go:13:2:13:5 | rows | file://:0:0:0:0 | parameter -1 of Scan |
-| StoredCommand.go:13:12:13:19 | &... | StoredCommand.go:14:22:14:28 | cmdName |
-| file://:0:0:0:0 | parameter -1 of Scan | file://:0:0:0:0 | [summary] to write: argument 0 in Scan |
+| StoredCommand.go:11:2:11:27 | ... := ...[0] | StoredCommand.go:14:22:14:28 | cmdName |
 nodes
 | StoredCommand.go:11:2:11:27 | ... := ...[0] | semmle.label | ... := ...[0] |
-| StoredCommand.go:13:2:13:5 | rows | semmle.label | rows |
-| StoredCommand.go:13:12:13:19 | &... | semmle.label | &... |
 | StoredCommand.go:14:22:14:28 | cmdName | semmle.label | cmdName |
-| file://:0:0:0:0 | [summary] to write: argument 0 in Scan | semmle.label | [summary] to write: argument 0 in Scan |
-| file://:0:0:0:0 | parameter -1 of Scan | semmle.label | parameter -1 of Scan |
 subpaths
-| StoredCommand.go:13:2:13:5 | rows | file://:0:0:0:0 | parameter -1 of Scan | file://:0:0:0:0 | [summary] to write: argument 0 in Scan | StoredCommand.go:13:12:13:19 | &... |
 #select
 | StoredCommand.go:14:22:14:28 | cmdName | StoredCommand.go:11:2:11:27 | ... := ...[0] | StoredCommand.go:14:22:14:28 | cmdName | This command depends on a $@. | StoredCommand.go:11:2:11:27 | ... := ...[0] | stored value |
diff --git a/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected b/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected
index 8fcd86b11e0..78d877087e4 100644
--- a/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected
+++ b/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected
@@ -14,27 +14,17 @@ edges
 | contenttype.go:113:10:113:28 | call to FormValue | contenttype.go:114:50:114:53 | data |
 | file://:0:0:0:0 | parameter 0 of Join | file://:0:0:0:0 | [summary] to write: return (return[0]) in Join |
 | file://:0:0:0:0 | parameter 0 of ReadAll | file://:0:0:0:0 | [summary] to write: return (return[0]) in ReadAll |
-| file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf |
 | file://:0:0:0:0 | parameter -1 of FileName | file://:0:0:0:0 | [summary] to write: return (return[0]) in FileName |
 | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get |
 | file://:0:0:0:0 | parameter -1 of NextPart | file://:0:0:0:0 | [summary] to write: return (return[0]) in NextPart |
 | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query |
 | file://:0:0:0:0 | parameter -1 of Read | file://:0:0:0:0 | [summary] to write: argument 0 in Read |
-| reflectedxsstest.go:27:2:27:38 | ... := ...[0] | reflectedxsstest.go:28:50:28:55 | cookie |
-| reflectedxsstest.go:28:17:28:56 | call to Sprintf | reflectedxsstest.go:28:10:28:57 | type conversion |
-| reflectedxsstest.go:28:50:28:55 | cookie | file://:0:0:0:0 | parameter 1 of Sprintf |
-| reflectedxsstest.go:28:50:28:55 | cookie | reflectedxsstest.go:28:17:28:56 | call to Sprintf |
+| reflectedxsstest.go:27:2:27:38 | ... := ...[0] | reflectedxsstest.go:28:10:28:57 | type conversion |
 | reflectedxsstest.go:31:2:31:44 | ... := ...[0] | reflectedxsstest.go:32:34:32:37 | file |
-| reflectedxsstest.go:31:2:31:44 | ... := ...[1] | reflectedxsstest.go:34:46:34:60 | selection of Filename |
-| reflectedxsstest.go:32:2:32:38 | ... := ...[0] | reflectedxsstest.go:33:49:33:55 | content |
+| reflectedxsstest.go:31:2:31:44 | ... := ...[1] | reflectedxsstest.go:34:10:34:62 | type conversion |
+| reflectedxsstest.go:32:2:32:38 | ... := ...[0] | reflectedxsstest.go:33:10:33:57 | type conversion |
 | reflectedxsstest.go:32:34:32:37 | file | file://:0:0:0:0 | parameter 0 of ReadAll |
 | reflectedxsstest.go:32:34:32:37 | file | reflectedxsstest.go:32:2:32:38 | ... := ...[0] |
-| reflectedxsstest.go:33:17:33:56 | call to Sprintf | reflectedxsstest.go:33:10:33:57 | type conversion |
-| reflectedxsstest.go:33:49:33:55 | content | file://:0:0:0:0 | parameter 1 of Sprintf |
-| reflectedxsstest.go:33:49:33:55 | content | reflectedxsstest.go:33:17:33:56 | call to Sprintf |
-| reflectedxsstest.go:34:17:34:61 | call to Sprintf | reflectedxsstest.go:34:10:34:62 | type conversion |
-| reflectedxsstest.go:34:46:34:60 | selection of Filename | file://:0:0:0:0 | parameter 1 of Sprintf |
-| reflectedxsstest.go:34:46:34:60 | selection of Filename | reflectedxsstest.go:34:17:34:61 | call to Sprintf |
 | reflectedxsstest.go:38:2:38:35 | ... := ...[0] | reflectedxsstest.go:39:16:39:21 | reader |
 | reflectedxsstest.go:39:2:39:32 | ... := ...[0] | reflectedxsstest.go:40:14:40:17 | part |
 | reflectedxsstest.go:39:2:39:32 | ... := ...[0] | reflectedxsstest.go:42:2:42:5 | part |
@@ -42,13 +32,10 @@ edges
 | reflectedxsstest.go:39:16:39:21 | reader | reflectedxsstest.go:39:2:39:32 | ... := ...[0] |
 | reflectedxsstest.go:40:14:40:17 | part | file://:0:0:0:0 | parameter -1 of FileName |
 | reflectedxsstest.go:40:14:40:17 | part | reflectedxsstest.go:40:14:40:28 | call to FileName |
-| reflectedxsstest.go:40:14:40:28 | call to FileName | reflectedxsstest.go:44:46:44:53 | partName |
+| reflectedxsstest.go:40:14:40:28 | call to FileName | reflectedxsstest.go:44:10:44:55 | type conversion |
 | reflectedxsstest.go:41:2:41:10 | definition of byteSlice | reflectedxsstest.go:45:10:45:18 | byteSlice |
 | reflectedxsstest.go:42:2:42:5 | part | file://:0:0:0:0 | parameter -1 of Read |
 | reflectedxsstest.go:42:2:42:5 | part | reflectedxsstest.go:41:2:41:10 | definition of byteSlice |
-| reflectedxsstest.go:44:17:44:54 | call to Sprintf | reflectedxsstest.go:44:10:44:55 | type conversion |
-| reflectedxsstest.go:44:46:44:53 | partName | file://:0:0:0:0 | parameter 1 of Sprintf |
-| reflectedxsstest.go:44:46:44:53 | partName | reflectedxsstest.go:44:17:44:54 | call to Sprintf |
 | reflectedxsstest.go:51:14:51:18 | selection of URL | file://:0:0:0:0 | parameter -1 of Query |
 | reflectedxsstest.go:51:14:51:18 | selection of URL | reflectedxsstest.go:51:14:51:26 | call to Query |
 | reflectedxsstest.go:51:14:51:26 | call to Query | reflectedxsstest.go:54:11:54:21 | type conversion |
@@ -92,10 +79,8 @@ nodes
 | file://:0:0:0:0 | [summary] to write: return (return[0]) in NextPart | semmle.label | [summary] to write: return (return[0]) in NextPart |
 | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | semmle.label | [summary] to write: return (return[0]) in Query |
 | file://:0:0:0:0 | [summary] to write: return (return[0]) in ReadAll | semmle.label | [summary] to write: return (return[0]) in ReadAll |
-| file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | semmle.label | [summary] to write: return (return[0]) in Sprintf |
 | file://:0:0:0:0 | parameter 0 of Join | semmle.label | parameter 0 of Join |
 | file://:0:0:0:0 | parameter 0 of ReadAll | semmle.label | parameter 0 of ReadAll |
-| file://:0:0:0:0 | parameter 1 of Sprintf | semmle.label | parameter 1 of Sprintf |
 | file://:0:0:0:0 | parameter -1 of FileName | semmle.label | parameter -1 of FileName |
 | file://:0:0:0:0 | parameter -1 of Get | semmle.label | parameter -1 of Get |
 | file://:0:0:0:0 | parameter -1 of NextPart | semmle.label | parameter -1 of NextPart |
@@ -103,18 +88,12 @@ nodes
 | file://:0:0:0:0 | parameter -1 of Read | semmle.label | parameter -1 of Read |
 | reflectedxsstest.go:27:2:27:38 | ... := ...[0] | semmle.label | ... := ...[0] |
 | reflectedxsstest.go:28:10:28:57 | type conversion | semmle.label | type conversion |
-| reflectedxsstest.go:28:17:28:56 | call to Sprintf | semmle.label | call to Sprintf |
-| reflectedxsstest.go:28:50:28:55 | cookie | semmle.label | cookie |
 | reflectedxsstest.go:31:2:31:44 | ... := ...[0] | semmle.label | ... := ...[0] |
 | reflectedxsstest.go:31:2:31:44 | ... := ...[1] | semmle.label | ... := ...[1] |
 | reflectedxsstest.go:32:2:32:38 | ... := ...[0] | semmle.label | ... := ...[0] |
 | reflectedxsstest.go:32:34:32:37 | file | semmle.label | file |
 | reflectedxsstest.go:33:10:33:57 | type conversion | semmle.label | type conversion |
-| reflectedxsstest.go:33:17:33:56 | call to Sprintf | semmle.label | call to Sprintf |
-| reflectedxsstest.go:33:49:33:55 | content | semmle.label | content |
 | reflectedxsstest.go:34:10:34:62 | type conversion | semmle.label | type conversion |
-| reflectedxsstest.go:34:17:34:61 | call to Sprintf | semmle.label | call to Sprintf |
-| reflectedxsstest.go:34:46:34:60 | selection of Filename | semmle.label | selection of Filename |
 | reflectedxsstest.go:38:2:38:35 | ... := ...[0] | semmle.label | ... := ...[0] |
 | reflectedxsstest.go:39:2:39:32 | ... := ...[0] | semmle.label | ... := ...[0] |
 | reflectedxsstest.go:39:16:39:21 | reader | semmle.label | reader |
@@ -123,8 +102,6 @@ nodes
 | reflectedxsstest.go:41:2:41:10 | definition of byteSlice | semmle.label | definition of byteSlice |
 | reflectedxsstest.go:42:2:42:5 | part | semmle.label | part |
 | reflectedxsstest.go:44:10:44:55 | type conversion | semmle.label | type conversion |
-| reflectedxsstest.go:44:17:44:54 | call to Sprintf | semmle.label | call to Sprintf |
-| reflectedxsstest.go:44:46:44:53 | partName | semmle.label | partName |
 | reflectedxsstest.go:45:10:45:18 | byteSlice | semmle.label | byteSlice |
 | reflectedxsstest.go:51:14:51:18 | selection of URL | semmle.label | selection of URL |
 | reflectedxsstest.go:51:14:51:26 | call to Query | semmle.label | call to Query |
@@ -153,14 +130,10 @@ subpaths
 | ReflectedXss.go:11:15:11:20 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | ReflectedXss.go:11:15:11:36 | call to Get |
 | contenttype.go:11:11:11:16 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | contenttype.go:11:11:11:28 | call to Get |
 | contenttype.go:49:11:49:16 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | contenttype.go:49:11:49:28 | call to Get |
-| reflectedxsstest.go:28:50:28:55 | cookie | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | reflectedxsstest.go:28:17:28:56 | call to Sprintf |
 | reflectedxsstest.go:32:34:32:37 | file | file://:0:0:0:0 | parameter 0 of ReadAll | file://:0:0:0:0 | [summary] to write: return (return[0]) in ReadAll | reflectedxsstest.go:32:2:32:38 | ... := ...[0] |
-| reflectedxsstest.go:33:49:33:55 | content | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | reflectedxsstest.go:33:17:33:56 | call to Sprintf |
-| reflectedxsstest.go:34:46:34:60 | selection of Filename | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | reflectedxsstest.go:34:17:34:61 | call to Sprintf |
 | reflectedxsstest.go:39:16:39:21 | reader | file://:0:0:0:0 | parameter -1 of NextPart | file://:0:0:0:0 | [summary] to write: return (return[0]) in NextPart | reflectedxsstest.go:39:2:39:32 | ... := ...[0] |
 | reflectedxsstest.go:40:14:40:17 | part | file://:0:0:0:0 | parameter -1 of FileName | file://:0:0:0:0 | [summary] to write: return (return[0]) in FileName | reflectedxsstest.go:40:14:40:28 | call to FileName |
 | reflectedxsstest.go:42:2:42:5 | part | file://:0:0:0:0 | parameter -1 of Read | file://:0:0:0:0 | [summary] to write: argument 0 in Read | reflectedxsstest.go:41:2:41:10 | definition of byteSlice |
-| reflectedxsstest.go:44:46:44:53 | partName | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | reflectedxsstest.go:44:17:44:54 | call to Sprintf |
 | reflectedxsstest.go:51:14:51:18 | selection of URL | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | reflectedxsstest.go:51:14:51:26 | call to Query |
 | tst.go:14:15:14:20 | selection of Form | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | tst.go:14:15:14:36 | call to Get |
 | tst.go:18:32:18:32 | a | file://:0:0:0:0 | parameter 0 of Join | file://:0:0:0:0 | [summary] to write: return (return[0]) in Join | tst.go:18:19:18:38 | call to Join |
diff --git a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected
index 33c4c72360b..598ebbc10d8 100644
--- a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected
+++ b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected
@@ -1,13 +1,9 @@
 edges
-| SqlInjection.go:10:7:11:30 | call to Sprintf | SqlInjection.go:12:11:12:11 | q |
 | SqlInjection.go:11:3:11:9 | selection of URL | SqlInjection.go:11:3:11:17 | call to Query |
 | SqlInjection.go:11:3:11:9 | selection of URL | file://:0:0:0:0 | parameter -1 of Query |
-| SqlInjection.go:11:3:11:17 | call to Query | SqlInjection.go:11:3:11:29 | index expression |
-| SqlInjection.go:11:3:11:29 | index expression | SqlInjection.go:10:7:11:30 | call to Sprintf |
-| SqlInjection.go:11:3:11:29 | index expression | file://:0:0:0:0 | parameter 1 of Sprintf |
+| SqlInjection.go:11:3:11:17 | call to Query | SqlInjection.go:12:11:12:11 | q |
 | file://:0:0:0:0 | parameter 0 of ReadAll | file://:0:0:0:0 | [summary] to write: return (return[0]) in ReadAll |
 | file://:0:0:0:0 | parameter 0 of Unmarshal | file://:0:0:0:0 | [summary] to write: argument 1 in Unmarshal |
-| file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf |
 | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get |
 | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query |
 | issue48.go:17:2:17:33 | ... := ...[0] | issue48.go:18:17:18:17 | b |
@@ -15,37 +11,25 @@ edges
 | issue48.go:17:25:17:32 | selection of Body | issue48.go:17:2:17:33 | ... := ...[0] |
 | issue48.go:18:17:18:17 | b | file://:0:0:0:0 | parameter 0 of Unmarshal |
 | issue48.go:18:17:18:17 | b | issue48.go:18:20:18:39 | &... |
-| issue48.go:18:20:18:39 | &... | issue48.go:21:3:21:33 | index expression |
-| issue48.go:20:8:21:34 | call to Sprintf | issue48.go:22:11:22:12 | q3 |
-| issue48.go:21:3:21:33 | index expression | file://:0:0:0:0 | parameter 1 of Sprintf |
-| issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | call to Sprintf |
+| issue48.go:18:20:18:39 | &... | issue48.go:22:11:22:12 | q3 |
 | issue48.go:27:2:27:34 | ... := ...[0] | issue48.go:28:17:28:18 | b2 |
 | issue48.go:27:26:27:33 | selection of Body | file://:0:0:0:0 | parameter 0 of ReadAll |
 | issue48.go:27:26:27:33 | selection of Body | issue48.go:27:2:27:34 | ... := ...[0] |
 | issue48.go:28:17:28:18 | b2 | file://:0:0:0:0 | parameter 0 of Unmarshal |
 | issue48.go:28:17:28:18 | b2 | issue48.go:28:21:28:41 | &... |
-| issue48.go:28:21:28:41 | &... | issue48.go:31:3:31:31 | selection of Category |
-| issue48.go:30:8:31:32 | call to Sprintf | issue48.go:32:11:32:12 | q4 |
-| issue48.go:31:3:31:31 | selection of Category | file://:0:0:0:0 | parameter 1 of Sprintf |
-| issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | call to Sprintf |
+| issue48.go:28:21:28:41 | &... | issue48.go:32:11:32:12 | q4 |
 | issue48.go:37:17:37:50 | type conversion | file://:0:0:0:0 | parameter 0 of Unmarshal |
 | issue48.go:37:17:37:50 | type conversion | issue48.go:37:53:37:73 | &... |
 | issue48.go:37:24:37:30 | selection of URL | file://:0:0:0:0 | parameter -1 of Query |
 | issue48.go:37:24:37:30 | selection of URL | issue48.go:37:24:37:38 | call to Query |
 | issue48.go:37:24:37:38 | call to Query | issue48.go:37:17:37:50 | type conversion |
-| issue48.go:37:53:37:73 | &... | issue48.go:40:3:40:31 | selection of Category |
-| issue48.go:39:8:40:32 | call to Sprintf | issue48.go:41:11:41:12 | q5 |
-| issue48.go:40:3:40:31 | selection of Category | file://:0:0:0:0 | parameter 1 of Sprintf |
-| issue48.go:40:3:40:31 | selection of Category | issue48.go:39:8:40:32 | call to Sprintf |
+| issue48.go:37:53:37:73 | &... | issue48.go:41:11:41:12 | q5 |
 | main.go:10:11:10:16 | selection of Form | main.go:10:11:10:28 | index expression |
 | main.go:14:63:14:67 | selection of URL | file://:0:0:0:0 | parameter -1 of Query |
 | main.go:14:63:14:67 | selection of URL | main.go:14:63:14:75 | call to Query |
-| main.go:14:63:14:75 | call to Query | main.go:14:63:14:83 | index expression |
-| main.go:14:63:14:83 | index expression | file://:0:0:0:0 | parameter 1 of Sprintf |
-| main.go:14:63:14:83 | index expression | main.go:14:11:14:84 | call to Sprintf |
+| main.go:14:63:14:75 | call to Query | main.go:14:11:14:84 | call to Sprintf |
 | main.go:15:63:15:70 | selection of Header | file://:0:0:0:0 | parameter -1 of Get |
 | main.go:15:63:15:70 | selection of Header | main.go:15:63:15:84 | call to Get |
-| main.go:15:63:15:84 | call to Get | file://:0:0:0:0 | parameter 1 of Sprintf |
 | main.go:15:63:15:84 | call to Get | main.go:15:11:15:85 | call to Sprintf |
 | main.go:27:17:30:2 | &... [pointer, Category] | main.go:33:3:33:13 | RequestData [pointer, Category] |
 | main.go:27:18:30:2 | struct literal [Category] | main.go:27:17:30:2 | &... [pointer, Category] |
@@ -53,11 +37,9 @@ edges
 | main.go:29:13:29:19 | selection of URL | main.go:29:13:29:27 | call to Query |
 | main.go:29:13:29:27 | call to Query | main.go:29:13:29:39 | index expression |
 | main.go:29:13:29:39 | index expression | main.go:27:18:30:2 | struct literal [Category] |
-| main.go:32:7:33:23 | call to Sprintf | main.go:34:11:34:11 | q |
 | main.go:33:3:33:13 | RequestData [pointer, Category] | main.go:33:3:33:13 | implicit dereference [Category] |
 | main.go:33:3:33:13 | implicit dereference [Category] | main.go:33:3:33:22 | selection of Category |
-| main.go:33:3:33:22 | selection of Category | file://:0:0:0:0 | parameter 1 of Sprintf |
-| main.go:33:3:33:22 | selection of Category | main.go:32:7:33:23 | call to Sprintf |
+| main.go:33:3:33:22 | selection of Category | main.go:34:11:34:11 | q |
 | main.go:38:2:38:12 | definition of RequestData [pointer, Category] | main.go:39:2:39:12 | RequestData [pointer, Category] |
 | main.go:38:2:38:12 | definition of RequestData [pointer, Category] | main.go:42:3:42:13 | RequestData [pointer, Category] |
 | main.go:39:2:39:12 | RequestData [pointer, Category] | main.go:39:2:39:12 | implicit dereference [Category] |
@@ -66,11 +48,9 @@ edges
 | main.go:39:25:39:31 | selection of URL | main.go:39:25:39:39 | call to Query |
 | main.go:39:25:39:39 | call to Query | main.go:39:25:39:51 | index expression |
 | main.go:39:25:39:51 | index expression | main.go:39:2:39:12 | implicit dereference [Category] |
-| main.go:41:7:42:23 | call to Sprintf | main.go:43:11:43:11 | q |
 | main.go:42:3:42:13 | RequestData [pointer, Category] | main.go:42:3:42:13 | implicit dereference [Category] |
 | main.go:42:3:42:13 | implicit dereference [Category] | main.go:42:3:42:22 | selection of Category |
-| main.go:42:3:42:22 | selection of Category | file://:0:0:0:0 | parameter 1 of Sprintf |
-| main.go:42:3:42:22 | selection of Category | main.go:41:7:42:23 | call to Sprintf |
+| main.go:42:3:42:22 | selection of Category | main.go:43:11:43:11 | q |
 | main.go:47:2:47:12 | definition of RequestData [pointer, Category] | main.go:48:4:48:14 | RequestData [pointer, Category] |
 | main.go:47:2:47:12 | definition of RequestData [pointer, Category] | main.go:51:3:51:13 | RequestData [pointer, Category] |
 | main.go:48:3:48:14 | star expression [Category] | main.go:47:2:47:12 | definition of RequestData [pointer, Category] |
@@ -79,11 +59,9 @@ edges
 | main.go:48:28:48:34 | selection of URL | main.go:48:28:48:42 | call to Query |
 | main.go:48:28:48:42 | call to Query | main.go:48:28:48:54 | index expression |
 | main.go:48:28:48:54 | index expression | main.go:48:3:48:14 | star expression [Category] |
-| main.go:50:7:51:23 | call to Sprintf | main.go:52:11:52:11 | q |
 | main.go:51:3:51:13 | RequestData [pointer, Category] | main.go:51:3:51:13 | implicit dereference [Category] |
 | main.go:51:3:51:13 | implicit dereference [Category] | main.go:51:3:51:22 | selection of Category |
-| main.go:51:3:51:22 | selection of Category | file://:0:0:0:0 | parameter 1 of Sprintf |
-| main.go:51:3:51:22 | selection of Category | main.go:50:7:51:23 | call to Sprintf |
+| main.go:51:3:51:22 | selection of Category | main.go:52:11:52:11 | q |
 | main.go:56:2:56:12 | definition of RequestData [pointer, Category] | main.go:57:4:57:14 | RequestData [pointer, Category] |
 | main.go:56:2:56:12 | definition of RequestData [pointer, Category] | main.go:60:5:60:15 | RequestData [pointer, Category] |
 | main.go:57:3:57:14 | star expression [Category] | main.go:56:2:56:12 | definition of RequestData [pointer, Category] |
@@ -92,9 +70,7 @@ edges
 | main.go:57:28:57:34 | selection of URL | main.go:57:28:57:42 | call to Query |
 | main.go:57:28:57:42 | call to Query | main.go:57:28:57:54 | index expression |
 | main.go:57:28:57:54 | index expression | main.go:57:3:57:14 | star expression [Category] |
-| main.go:59:7:60:26 | call to Sprintf | main.go:61:11:61:11 | q |
-| main.go:60:3:60:25 | selection of Category | file://:0:0:0:0 | parameter 1 of Sprintf |
-| main.go:60:3:60:25 | selection of Category | main.go:59:7:60:26 | call to Sprintf |
+| main.go:60:3:60:25 | selection of Category | main.go:61:11:61:11 | q |
 | main.go:60:4:60:15 | star expression [Category] | main.go:60:3:60:25 | selection of Category |
 | main.go:60:5:60:15 | RequestData [pointer, Category] | main.go:60:4:60:15 | star expression [Category] |
 | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:57:22:57:29 | pipeline |
@@ -112,48 +88,37 @@ edges
 | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:80:22:80:27 | filter |
 | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:81:18:81:25 | pipeline |
 nodes
-| SqlInjection.go:10:7:11:30 | call to Sprintf | semmle.label | call to Sprintf |
 | SqlInjection.go:11:3:11:9 | selection of URL | semmle.label | selection of URL |
 | SqlInjection.go:11:3:11:17 | call to Query | semmle.label | call to Query |
-| SqlInjection.go:11:3:11:29 | index expression | semmle.label | index expression |
 | SqlInjection.go:12:11:12:11 | q | semmle.label | q |
 | file://:0:0:0:0 | [summary] to write: argument 1 in Unmarshal | semmle.label | [summary] to write: argument 1 in Unmarshal |
 | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | semmle.label | [summary] to write: return (return[0]) in Get |
 | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | semmle.label | [summary] to write: return (return[0]) in Query |
 | file://:0:0:0:0 | [summary] to write: return (return[0]) in ReadAll | semmle.label | [summary] to write: return (return[0]) in ReadAll |
-| file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | semmle.label | [summary] to write: return (return[0]) in Sprintf |
 | file://:0:0:0:0 | parameter 0 of ReadAll | semmle.label | parameter 0 of ReadAll |
 | file://:0:0:0:0 | parameter 0 of Unmarshal | semmle.label | parameter 0 of Unmarshal |
-| file://:0:0:0:0 | parameter 1 of Sprintf | semmle.label | parameter 1 of Sprintf |
 | file://:0:0:0:0 | parameter -1 of Get | semmle.label | parameter -1 of Get |
 | file://:0:0:0:0 | parameter -1 of Query | semmle.label | parameter -1 of Query |
 | issue48.go:17:2:17:33 | ... := ...[0] | semmle.label | ... := ...[0] |
 | issue48.go:17:25:17:32 | selection of Body | semmle.label | selection of Body |
 | issue48.go:18:17:18:17 | b | semmle.label | b |
 | issue48.go:18:20:18:39 | &... | semmle.label | &... |
-| issue48.go:20:8:21:34 | call to Sprintf | semmle.label | call to Sprintf |
-| issue48.go:21:3:21:33 | index expression | semmle.label | index expression |
 | issue48.go:22:11:22:12 | q3 | semmle.label | q3 |
 | issue48.go:27:2:27:34 | ... := ...[0] | semmle.label | ... := ...[0] |
 | issue48.go:27:26:27:33 | selection of Body | semmle.label | selection of Body |
 | issue48.go:28:17:28:18 | b2 | semmle.label | b2 |
 | issue48.go:28:21:28:41 | &... | semmle.label | &... |
-| issue48.go:30:8:31:32 | call to Sprintf | semmle.label | call to Sprintf |
-| issue48.go:31:3:31:31 | selection of Category | semmle.label | selection of Category |
 | issue48.go:32:11:32:12 | q4 | semmle.label | q4 |
 | issue48.go:37:17:37:50 | type conversion | semmle.label | type conversion |
 | issue48.go:37:24:37:30 | selection of URL | semmle.label | selection of URL |
 | issue48.go:37:24:37:38 | call to Query | semmle.label | call to Query |
 | issue48.go:37:53:37:73 | &... | semmle.label | &... |
-| issue48.go:39:8:40:32 | call to Sprintf | semmle.label | call to Sprintf |
-| issue48.go:40:3:40:31 | selection of Category | semmle.label | selection of Category |
 | issue48.go:41:11:41:12 | q5 | semmle.label | q5 |
 | main.go:10:11:10:16 | selection of Form | semmle.label | selection of Form |
 | main.go:10:11:10:28 | index expression | semmle.label | index expression |
 | main.go:14:11:14:84 | call to Sprintf | semmle.label | call to Sprintf |
 | main.go:14:63:14:67 | selection of URL | semmle.label | selection of URL |
 | main.go:14:63:14:75 | call to Query | semmle.label | call to Query |
-| main.go:14:63:14:83 | index expression | semmle.label | index expression |
 | main.go:15:11:15:85 | call to Sprintf | semmle.label | call to Sprintf |
 | main.go:15:63:15:70 | selection of Header | semmle.label | selection of Header |
 | main.go:15:63:15:84 | call to Get | semmle.label | call to Get |
@@ -162,7 +127,6 @@ nodes
 | main.go:29:13:29:19 | selection of URL | semmle.label | selection of URL |
 | main.go:29:13:29:27 | call to Query | semmle.label | call to Query |
 | main.go:29:13:29:39 | index expression | semmle.label | index expression |
-| main.go:32:7:33:23 | call to Sprintf | semmle.label | call to Sprintf |
 | main.go:33:3:33:13 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
 | main.go:33:3:33:13 | implicit dereference [Category] | semmle.label | implicit dereference [Category] |
 | main.go:33:3:33:22 | selection of Category | semmle.label | selection of Category |
@@ -173,7 +137,6 @@ nodes
 | main.go:39:25:39:31 | selection of URL | semmle.label | selection of URL |
 | main.go:39:25:39:39 | call to Query | semmle.label | call to Query |
 | main.go:39:25:39:51 | index expression | semmle.label | index expression |
-| main.go:41:7:42:23 | call to Sprintf | semmle.label | call to Sprintf |
 | main.go:42:3:42:13 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
 | main.go:42:3:42:13 | implicit dereference [Category] | semmle.label | implicit dereference [Category] |
 | main.go:42:3:42:22 | selection of Category | semmle.label | selection of Category |
@@ -184,7 +147,6 @@ nodes
 | main.go:48:28:48:34 | selection of URL | semmle.label | selection of URL |
 | main.go:48:28:48:42 | call to Query | semmle.label | call to Query |
 | main.go:48:28:48:54 | index expression | semmle.label | index expression |
-| main.go:50:7:51:23 | call to Sprintf | semmle.label | call to Sprintf |
 | main.go:51:3:51:13 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
 | main.go:51:3:51:13 | implicit dereference [Category] | semmle.label | implicit dereference [Category] |
 | main.go:51:3:51:22 | selection of Category | semmle.label | selection of Category |
@@ -195,7 +157,6 @@ nodes
 | main.go:57:28:57:34 | selection of URL | semmle.label | selection of URL |
 | main.go:57:28:57:42 | call to Query | semmle.label | call to Query |
 | main.go:57:28:57:54 | index expression | semmle.label | index expression |
-| main.go:59:7:60:26 | call to Sprintf | semmle.label | call to Sprintf |
 | main.go:60:3:60:25 | selection of Category | semmle.label | selection of Category |
 | main.go:60:4:60:15 | star expression [Category] | semmle.label | star expression [Category] |
 | main.go:60:5:60:15 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] |
@@ -217,28 +178,18 @@ nodes
 | mongoDB.go:81:18:81:25 | pipeline | semmle.label | pipeline |
 subpaths
 | SqlInjection.go:11:3:11:9 | selection of URL | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | SqlInjection.go:11:3:11:17 | call to Query |
-| SqlInjection.go:11:3:11:29 | index expression | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | SqlInjection.go:10:7:11:30 | call to Sprintf |
 | issue48.go:17:25:17:32 | selection of Body | file://:0:0:0:0 | parameter 0 of ReadAll | file://:0:0:0:0 | [summary] to write: return (return[0]) in ReadAll | issue48.go:17:2:17:33 | ... := ...[0] |
 | issue48.go:18:17:18:17 | b | file://:0:0:0:0 | parameter 0 of Unmarshal | file://:0:0:0:0 | [summary] to write: argument 1 in Unmarshal | issue48.go:18:20:18:39 | &... |
-| issue48.go:21:3:21:33 | index expression | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | issue48.go:20:8:21:34 | call to Sprintf |
 | issue48.go:27:26:27:33 | selection of Body | file://:0:0:0:0 | parameter 0 of ReadAll | file://:0:0:0:0 | [summary] to write: return (return[0]) in ReadAll | issue48.go:27:2:27:34 | ... := ...[0] |
 | issue48.go:28:17:28:18 | b2 | file://:0:0:0:0 | parameter 0 of Unmarshal | file://:0:0:0:0 | [summary] to write: argument 1 in Unmarshal | issue48.go:28:21:28:41 | &... |
-| issue48.go:31:3:31:31 | selection of Category | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | issue48.go:30:8:31:32 | call to Sprintf |
 | issue48.go:37:17:37:50 | type conversion | file://:0:0:0:0 | parameter 0 of Unmarshal | file://:0:0:0:0 | [summary] to write: argument 1 in Unmarshal | issue48.go:37:53:37:73 | &... |
 | issue48.go:37:24:37:30 | selection of URL | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | issue48.go:37:24:37:38 | call to Query |
-| issue48.go:40:3:40:31 | selection of Category | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | issue48.go:39:8:40:32 | call to Sprintf |
 | main.go:14:63:14:67 | selection of URL | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | main.go:14:63:14:75 | call to Query |
-| main.go:14:63:14:83 | index expression | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | main.go:14:11:14:84 | call to Sprintf |
 | main.go:15:63:15:70 | selection of Header | file://:0:0:0:0 | parameter -1 of Get | file://:0:0:0:0 | [summary] to write: return (return[0]) in Get | main.go:15:63:15:84 | call to Get |
-| main.go:15:63:15:84 | call to Get | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | main.go:15:11:15:85 | call to Sprintf |
 | main.go:29:13:29:19 | selection of URL | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | main.go:29:13:29:27 | call to Query |
-| main.go:33:3:33:22 | selection of Category | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | main.go:32:7:33:23 | call to Sprintf |
 | main.go:39:25:39:31 | selection of URL | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | main.go:39:25:39:39 | call to Query |
-| main.go:42:3:42:22 | selection of Category | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | main.go:41:7:42:23 | call to Sprintf |
 | main.go:48:28:48:34 | selection of URL | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | main.go:48:28:48:42 | call to Query |
-| main.go:51:3:51:22 | selection of Category | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | main.go:50:7:51:23 | call to Sprintf |
 | main.go:57:28:57:34 | selection of URL | file://:0:0:0:0 | parameter -1 of Query | file://:0:0:0:0 | [summary] to write: return (return[0]) in Query | main.go:57:28:57:42 | call to Query |
-| main.go:60:3:60:25 | selection of Category | file://:0:0:0:0 | parameter 1 of Sprintf | file://:0:0:0:0 | [summary] to write: return (return[0]) in Sprintf | main.go:59:7:60:26 | call to Sprintf |
 #select
 | SqlInjection.go:12:11:12:11 | q | SqlInjection.go:11:3:11:9 | selection of URL | SqlInjection.go:12:11:12:11 | q | This query depends on a $@. | SqlInjection.go:11:3:11:9 | selection of URL | user-provided value |
 | issue48.go:22:11:22:12 | q3 | issue48.go:17:25:17:32 | selection of Body | issue48.go:22:11:22:12 | q3 | This query depends on a $@. | issue48.go:17:25:17:32 | selection of Body | user-provided value |
diff --git a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected
index 9e767daf186..46f388824e5 100644
--- a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected
+++ b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected
@@ -1,16 +1,24 @@
 edges
+| file://:0:0:0:0 | parameter 0 of ReadFull | file://:0:0:0:0 | [summary] to write: argument 1 in ReadFull |
 | sample.go:15:24:15:63 | type conversion | sample.go:16:9:16:15 | slice expression |
 | sample.go:15:49:15:61 | call to Uint32 | sample.go:15:24:15:63 | type conversion |
 | sample.go:16:9:16:15 | slice expression | sample.go:26:25:26:30 | call to Guid |
-| sample.go:34:12:34:40 | call to New | sample.go:37:25:37:29 | nonce |
-| sample.go:34:12:34:40 | call to New | sample.go:37:32:37:36 | nonce |
+| sample.go:33:2:33:6 | definition of nonce | sample.go:37:25:37:29 | nonce |
+| sample.go:33:2:33:6 | definition of nonce | sample.go:37:32:37:36 | nonce |
+| sample.go:34:12:34:40 | call to New | sample.go:35:14:35:19 | random |
+| sample.go:35:14:35:19 | random | file://:0:0:0:0 | parameter 0 of ReadFull |
+| sample.go:35:14:35:19 | random | sample.go:33:2:33:6 | definition of nonce |
 nodes
 | InsecureRandomness.go:12:18:12:40 | call to Intn | semmle.label | call to Intn |
+| file://:0:0:0:0 | [summary] to write: argument 1 in ReadFull | semmle.label | [summary] to write: argument 1 in ReadFull |
+| file://:0:0:0:0 | parameter 0 of ReadFull | semmle.label | parameter 0 of ReadFull |
 | sample.go:15:24:15:63 | type conversion | semmle.label | type conversion |
 | sample.go:15:49:15:61 | call to Uint32 | semmle.label | call to Uint32 |
 | sample.go:16:9:16:15 | slice expression | semmle.label | slice expression |
 | sample.go:26:25:26:30 | call to Guid | semmle.label | call to Guid |
+| sample.go:33:2:33:6 | definition of nonce | semmle.label | definition of nonce |
 | sample.go:34:12:34:40 | call to New | semmle.label | call to New |
+| sample.go:35:14:35:19 | random | semmle.label | random |
 | sample.go:37:25:37:29 | nonce | semmle.label | nonce |
 | sample.go:37:32:37:36 | nonce | semmle.label | nonce |
 | sample.go:43:17:43:39 | call to Intn | semmle.label | call to Intn |
@@ -19,6 +27,7 @@ nodes
 | sample.go:46:17:46:39 | call to Intn | semmle.label | call to Intn |
 | sample.go:47:17:47:39 | call to Intn | semmle.label | call to Intn |
 subpaths
+| sample.go:35:14:35:19 | random | file://:0:0:0:0 | parameter 0 of ReadFull | file://:0:0:0:0 | [summary] to write: argument 1 in ReadFull | sample.go:33:2:33:6 | definition of nonce |
 #select
 | InsecureRandomness.go:12:18:12:40 | call to Intn | InsecureRandomness.go:12:18:12:40 | call to Intn | InsecureRandomness.go:12:18:12:40 | call to Intn | A password-related function depends on a $@ generated with a cryptographically weak RNG. | InsecureRandomness.go:12:18:12:40 | call to Intn | random number |
 | sample.go:26:25:26:30 | call to Guid | sample.go:15:49:15:61 | call to Uint32 | sample.go:26:25:26:30 | call to Guid | This cryptographic algorithm depends on a $@ generated with a cryptographically weak RNG. | sample.go:15:49:15:61 | call to Uint32 | random number |