Merge branch 'main' into lcartey/support-sap-json-formats

.github/workflows/go-tests-rtjo.yml

@@ -0,0 +1,22 @@
+name: "Go: Run RTJO Tests"
+on:
+  pull_request:
+    types:
+      - labeled
+
+permissions:
+  contents: read
+
+jobs:
+  test-linux:
+    if: "github.repository_owner == 'github' && github.event.label.name == 'Run: RTJO Language Tests'"
+    name: RTJO Test Linux (Ubuntu)
+    runs-on: ubuntu-latest-xl
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: Run tests
+        uses: ./go/actions/test
+        with:
+          run-code-checks: true
+          dynamic-join-order-mode: all

.github/workflows/ruby-qltest-rtjo.yml

@@ -0,0 +1,40 @@
+name: "Ruby: Run RTJO Language Tests"
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - labeled
+
+env:
+  CARGO_TERM_COLOR: always
+
+defaults:
+  run:
+    working-directory: ruby
+
+permissions:
+  contents: read
+
+jobs:
+  qltest-rtjo:
+    if: "github.repository_owner == 'github' && github.event.label.name == 'Run: RTJO Language Tests'"
+    runs-on: ubuntu-latest-xl
+    strategy:
+      fail-fast: false
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/fetch-codeql
+      - uses: ./ruby/actions/create-extractor-pack
+      - name: Cache compilation cache
+        id: query-cache
+        uses: ./.github/actions/cache-query-compilation
+        with:
+          key: ruby-qltest
+      - name: Run QL tests
+        run: |
+          codeql test run --dynamic-join-order-mode=all --threads=0 --ram 50000 --search-path "${{ github.workspace }}" --check-databases --check-undefined-labels --check-unused-labels --check-repeated-labels --check-redefined-labels --check-use-before-definition --consistency-queries ql/consistency-queries ql/test --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
+        env:
+          GITHUB_TOKEN: ${{ github.token }}

actions/ql/lib/change-notes/2025-03-20.md

@@ -0,0 +1,5 @@
+---
+category: fix
+---
+* The query `actions/code-injection/medium` now produces alerts for injection
+  vulnerabilities on `pull_request` events.

actions/ql/lib/ext/config/context_event_map.yml

@@ -30,6 +30,9 @@ extensions:
       - ["pull_request_review_comment", "github.event.review"] 
       - ["pull_request_review_comment", "github.head_ref"] 
       - ["pull_request_review_comment", "github.event.changes"] 
+      - ["pull_request", "github.event.pull_request"] 
+      - ["pull_request", "github.head_ref"] 
+      - ["pull_request", "github.event.changes"] 
       - ["pull_request_target", "github.event.pull_request"] 
       - ["pull_request_target", "github.head_ref"] 
       - ["pull_request_target", "github.event.changes"] 

actions/ql/lib/ext/config/externally_triggereable_events.yml

@@ -12,6 +12,7 @@ extensions:
       - ["pull_request_comment"]
       - ["pull_request_review"]
       - ["pull_request_review_comment"]
+      - ["pull_request"]
       - ["pull_request_target"]
       - ["workflow_run"] # depending on branch filter
       - ["workflow_call"] # depending on caller

actions/ql/test/query-tests/Security/CWE-094/CodeInjectionCritical.expected

@@ -400,6 +400,7 @@ nodes
 | .github/workflows/level0.yml:44:20:44:49 | github.event.issue.body | semmle.label | github.event.issue.body |
 | .github/workflows/level0.yml:69:35:69:66 | github.event.comment.body | semmle.label | github.event.comment.body |
 | .github/workflows/level1.yml:37:38:37:81 | github.event.workflow_run.head_branch | semmle.label | github.event.workflow_run.head_branch |
+| .github/workflows/priv_pull_request.yml:14:21:14:57 | github.event.pull_request.body | semmle.label | github.event.pull_request.body |
 | .github/workflows/pull_request_review.yml:7:19:7:56 | github.event.pull_request.title | semmle.label | github.event.pull_request.title |
 | .github/workflows/pull_request_review.yml:8:19:8:55 | github.event.pull_request.body | semmle.label | github.event.pull_request.body |
 | .github/workflows/pull_request_review.yml:9:19:9:61 | github.event.pull_request.head.label | semmle.label | github.event.pull_request.head.label |
@@ -629,6 +630,7 @@ nodes
 | .github/workflows/test19.yml:124:9:129:6 | Run Step: title3 [title] | semmle.label | Run Step: title3 [title] |
 | .github/workflows/test19.yml:125:14:128:50 | TITLE=$(gh issue view "$ISSUE_NUMBER" --json title,author)\nTITLE=$(echo $TITLE \| jq -r '.title')\necho "title=$TITLE" >> "$GITHUB_OUTPUT"\n | semmle.label | TITLE=$(gh issue view "$ISSUE_NUMBER" --json title,author)\nTITLE=$(echo $TITLE \| jq -r '.title')\necho "title=$TITLE" >> "$GITHUB_OUTPUT"\n |
 | .github/workflows/test19.yml:129:21:129:52 | steps.title3.outputs.title | semmle.label | steps.title3.outputs.title |
+| .github/workflows/test20.yml:15:54:15:94 | github.event.pull_request.head.ref | semmle.label | github.event.pull_request.head.ref |
 | .github/workflows/test21.yml:22:35:22:73 | github.event.head_commit.message | semmle.label | github.event.head_commit.message |
 | .github/workflows/test21.yml:23:36:23:74 | github.event.head_commit.message | semmle.label | github.event.head_commit.message |
 | .github/workflows/test21.yml:24:50:24:88 | github.event.head_commit.message | semmle.label | github.event.head_commit.message |

actions/ql/test/query-tests/Security/CWE-094/CodeInjectionMedium.expected

@@ -400,6 +400,7 @@ nodes
 | .github/workflows/level0.yml:44:20:44:49 | github.event.issue.body | semmle.label | github.event.issue.body |
 | .github/workflows/level0.yml:69:35:69:66 | github.event.comment.body | semmle.label | github.event.comment.body |
 | .github/workflows/level1.yml:37:38:37:81 | github.event.workflow_run.head_branch | semmle.label | github.event.workflow_run.head_branch |
+| .github/workflows/priv_pull_request.yml:14:21:14:57 | github.event.pull_request.body | semmle.label | github.event.pull_request.body |
 | .github/workflows/pull_request_review.yml:7:19:7:56 | github.event.pull_request.title | semmle.label | github.event.pull_request.title |
 | .github/workflows/pull_request_review.yml:8:19:8:55 | github.event.pull_request.body | semmle.label | github.event.pull_request.body |
 | .github/workflows/pull_request_review.yml:9:19:9:61 | github.event.pull_request.head.label | semmle.label | github.event.pull_request.head.label |
@@ -629,6 +630,7 @@ nodes
 | .github/workflows/test19.yml:124:9:129:6 | Run Step: title3 [title] | semmle.label | Run Step: title3 [title] |
 | .github/workflows/test19.yml:125:14:128:50 | TITLE=$(gh issue view "$ISSUE_NUMBER" --json title,author)\nTITLE=$(echo $TITLE \| jq -r '.title')\necho "title=$TITLE" >> "$GITHUB_OUTPUT"\n | semmle.label | TITLE=$(gh issue view "$ISSUE_NUMBER" --json title,author)\nTITLE=$(echo $TITLE \| jq -r '.title')\necho "title=$TITLE" >> "$GITHUB_OUTPUT"\n |
 | .github/workflows/test19.yml:129:21:129:52 | steps.title3.outputs.title | semmle.label | steps.title3.outputs.title |
+| .github/workflows/test20.yml:15:54:15:94 | github.event.pull_request.head.ref | semmle.label | github.event.pull_request.head.ref |
 | .github/workflows/test21.yml:22:35:22:73 | github.event.head_commit.message | semmle.label | github.event.head_commit.message |
 | .github/workflows/test21.yml:23:36:23:74 | github.event.head_commit.message | semmle.label | github.event.head_commit.message |
 | .github/workflows/test21.yml:24:50:24:88 | github.event.head_commit.message | semmle.label | github.event.head_commit.message |
@@ -706,6 +708,7 @@ subpaths
 | .github/workflows/inter-job2.yml:45:20:45:53 | needs.job1.outputs.job_output | .github/workflows/inter-job2.yml:22:9:26:6 | Uses Step: source | .github/workflows/inter-job2.yml:45:20:45:53 | needs.job1.outputs.job_output | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/inter-job2.yml:45:20:45:53 | needs.job1.outputs.job_output | ${{needs.job1.outputs.job_output}} |
 | .github/workflows/inter-job4.yml:44:20:44:53 | needs.job1.outputs.job_output | .github/workflows/inter-job4.yml:22:9:26:6 | Uses Step: source | .github/workflows/inter-job4.yml:44:20:44:53 | needs.job1.outputs.job_output | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/inter-job4.yml:44:20:44:53 | needs.job1.outputs.job_output | ${{needs.job1.outputs.job_output}} |
 | .github/workflows/inter-job5.yml:45:20:45:53 | needs.job1.outputs.job_output | .github/workflows/inter-job5.yml:45:20:45:53 | needs.job1.outputs.job_output | .github/workflows/inter-job5.yml:45:20:45:53 | needs.job1.outputs.job_output | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/inter-job5.yml:45:20:45:53 | needs.job1.outputs.job_output | ${{needs.job1.outputs.job_output}} |
+| .github/workflows/priv_pull_request.yml:14:21:14:57 | github.event.pull_request.body | .github/workflows/priv_pull_request.yml:14:21:14:57 | github.event.pull_request.body | .github/workflows/priv_pull_request.yml:14:21:14:57 | github.event.pull_request.body | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/priv_pull_request.yml:14:21:14:57 | github.event.pull_request.body | ${{ github.event.pull_request.body }} |
 | .github/workflows/push.yml:7:19:7:57 | github.event.commits[11].message | .github/workflows/push.yml:7:19:7:57 | github.event.commits[11].message | .github/workflows/push.yml:7:19:7:57 | github.event.commits[11].message | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:7:19:7:57 | github.event.commits[11].message | ${{ github.event.commits[11].message }} |
 | .github/workflows/push.yml:8:19:8:62 | github.event.commits[11].author.email | .github/workflows/push.yml:8:19:8:62 | github.event.commits[11].author.email | .github/workflows/push.yml:8:19:8:62 | github.event.commits[11].author.email | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:8:19:8:62 | github.event.commits[11].author.email | ${{ github.event.commits[11].author.email }} |
 | .github/workflows/push.yml:9:19:9:61 | github.event.commits[11].author.name | .github/workflows/push.yml:9:19:9:61 | github.event.commits[11].author.name | .github/workflows/push.yml:9:19:9:61 | github.event.commits[11].author.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:9:19:9:61 | github.event.commits[11].author.name | ${{ github.event.commits[11].author.name }} |

csharp/paket.dependencies

@@ -4,7 +4,7 @@ source https://api.nuget.org/v3/index.json
 # behave like nuget in choosing transitive dependency versions
 strategy: max
 
-nuget Basic.CompilerLog.Util
+nuget Basic.CompilerLog.Util 0.9.8
 nuget Mono.Posix.NETStandard
 nuget Newtonsoft.Json
 nuget xunit

csharp/paket.lock

@@ -3,12 +3,12 @@ STRATEGY: MAX
 RESTRICTION: == net9.0
 NUGET
   remote: https://api.nuget.org/v3/index.json
-    Basic.CompilerLog.Util (0.9.4)
+    Basic.CompilerLog.Util (0.9.8)
       MessagePack (>= 2.5.187)
-      Microsoft.CodeAnalysis (>= 4.11)
-      Microsoft.CodeAnalysis.CSharp (>= 4.11)
-      Microsoft.CodeAnalysis.VisualBasic (>= 4.11)
-      Microsoft.Extensions.ObjectPool (>= 9.0)
+      Microsoft.CodeAnalysis (>= 4.12)
+      Microsoft.CodeAnalysis.CSharp (>= 4.12)
+      Microsoft.CodeAnalysis.VisualBasic (>= 4.12)
+      Microsoft.Extensions.ObjectPool (>= 9.0.2)
       MSBuild.StructuredLogger (>= 2.2.243)
       System.Buffers (>= 4.6)
     Humanizer.Core (2.14.1)
@@ -96,7 +96,7 @@ NUGET
       System.Reflection.Metadata (>= 8.0)
       System.Threading.Channels (>= 7.0)
     Microsoft.CodeCoverage (17.12)
-    Microsoft.Extensions.ObjectPool (9.0)
+    Microsoft.Extensions.ObjectPool (9.0.3)
     Microsoft.NET.StringTools (17.12.6)
     Microsoft.NET.Test.Sdk (17.12)
       Microsoft.CodeCoverage (>= 17.12)

docs/codeql/writing-codeql-queries/metadata-for-codeql-queries.rst

@@ -30,6 +30,8 @@ The following properties are supported by all query files:
 +-----------------------+---------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
 | ``@id``               | ``<text>``                | A sequence of words composed of lowercase letters or digits, delimited by ``/`` or ``-``, identifying and classifying the query. Each query must have a **unique** ID. To ensure this, it may be helpful to use a fixed structure for each ID. For example, the standard CodeQL queries have the following format: ``<language>/<brief-description>``.                |
 +-----------------------+---------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| ``@previous-id``      | ``<text>``                | Indicates that query results were previously reported on a different query. The previous id should be a sequence of words composed of lowercase letters or digits, delimited by ``/`` or ``-``, identifying and classifying the previous query.                                                                                                                       |
++-----------------------+---------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
 | ``@kind``             | | ``problem``             | Identifies the query is an alert (``@kind problem``) or a path (``@kind path-problem``). For more information on these query types, see ":doc:`About CodeQL queries <about-codeql-queries>`."                                                                                                                                                                         |
 |                       | | ``path-problem``        |                                                                                                                                                                                                                                                                                                                                                                       |
 +-----------------------+---------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

docs/query-metadata-style-guide.md

@@ -93,6 +93,10 @@ Note, `@id` properties should be consistent for queries that highlight the same
 * `@id java/tainted-format-string`
 * `@id cpp/tainted-format-string`
 
+#### Query previous ID `@previous-id`
+
+Queries with alerts that used to be reported on a different query should also have an `@previous-id` property to refer back to the query where the alerts were originally reported. For example, if alerts from `java/query-one` are now reported on `java/query-two`, then the metadata for `java/query-two` should contain: `@previous-id java/query-one`.
+
 
 ### Query type `@kind`
 
@@ -113,7 +117,7 @@ Alert queries (`@kind problem` or `path-problem`) support two further properties
   * `medium`
   * `high`
   * `very-high`
-* `@problem.severity`–defines the likelihood that an alert, either security-related or not, causes an actual problem such as incorrect program behavior: 
+* `@problem.severity`–defines the likelihood that an alert, either security-related or not, causes an actual problem such as incorrect program behavior:
   * `error`–an issue that is likely to cause incorrect program behavior, for example a crash or vulnerability.
   * `warning`–an issue that indicates a potential problem in the code, or makes the code fragile if another (unrelated) part of code is changed.
   * `recommendation`–an issue where the code behaves correctly, but it could be improved.

go/Makefile

@@ -52,9 +52,9 @@ ql/lib/go.dbscheme.stats: ql/lib/go.dbscheme build/stats/src.stamp extractor
 	codeql dataset measure -o $@ build/stats/database/db-go
 
 test: all build/testdb/check-upgrade-path
-	codeql test run -j0 ql/test --search-path .. --consistency-queries ql/test/consistency --compilation-cache=$(cache)
+	codeql test run -j0 ql/test --search-path .. --consistency-queries ql/test/consistency --compilation-cache=$(cache) --dynamic-join-order-mode=$(rtjo)
 #	use GOOS=linux because GOOS=darwin GOARCH=386 is no longer supported
-	env GOOS=linux GOARCH=386 codeql$(EXE) test run -j0 ql/test/query-tests/Security/CWE-681 --search-path .. --consistency-queries ql/test/consistency --compilation-cache=$(cache)
+	env GOOS=linux GOARCH=386 codeql$(EXE) test run -j0 ql/test/query-tests/Security/CWE-681 --search-path .. --consistency-queries ql/test/consistency --compilation-cache=$(cache) --dynamic-join-order-mode=$(rtjo)
 	cd extractor; $(BAZEL) test ...
 	bash extractor-smoke-test/test.sh || (echo "Extractor smoke test FAILED"; exit 1)
 

go/actions/test/action.yml

@@ -9,6 +9,10 @@ inputs:
     description: Whether to run formatting, code and qhelp generation checks
     required: false
     default: false
+  dynamic-join-order-mode:
+    description: Value of the --dynamic-join-order-mode flag to pass to the codeql test command
+    required: false
+    default: "none"
 runs:
   using: composite
   steps:
@@ -74,4 +78,4 @@ runs:
       shell: bash
       run: |
         cd go
-        make test cache="${{ steps.query-cache.outputs.cache-dir }}"
+        make test cache="${{ steps.query-cache.outputs.cache-dir }}" rtjo=${{ inputs.dynamic-join-order-mode }}

go/ql/lib/change-notes/2025-03-03-couchbase-source-models.md

@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+* `database` source models have been added for v1 and v2 of the `github.com/couchbase/gocb` package.
+

go/ql/lib/ext/github.com.couchbase.gocb.model.yml

@@ -9,6 +9,32 @@ extensions:
       - ["gocb2", "github.com/couchbase/gocb/v2"]
       - ["gocb2", "gopkg.in/couchbase/gocb.v2"]
       - ["gocb2", "github.com/couchbaselabs/gocb/v2"]
+  - addsTo:
+      pack: codeql/go-all
+      extensible: sourceModel
+    data:
+      - ["group:gocb1", "Cluster", True, "ExecuteAnalyticsQuery", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["group:gocb1", "Cluster", True, "ExecuteN1qlQuery", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["group:gocb1", "Cluster", True, "ExecuteSearchQuery", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["group:gocb2", "Cluster", True, "AnalyticsQuery", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["group:gocb2", "Cluster", True, "Query", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["group:gocb2", "Collection", True, "Get", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["group:gocb2", "Collection", True, "GetAndLock", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["group:gocb2", "Collection", True, "GetAndTouch", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["group:gocb2", "Collection", True, "GetAnyReplica", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["group:gocb2", "Collection", True, "LookupIn", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["group:gocb2", "Collection", True, "LookupInAllReplicas", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["group:gocb2", "Collection", True, "LookupInAnyReplica", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["group:gocb2", "Collection", True, "Scan", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["group:gocb2", "Scope", True, "AnalyticsQuery", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["group:gocb2", "Scope", True, "Query", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["group:gocb2", "TransactionAttemptContext", True, "Get", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["group:gocb2", "TransactionAttemptContext", True, "GetReplicaFromPreferredServerGroup", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["group:gocb2", "TransactionAttemptContext", True, "Insert", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["group:gocb2", "TransactionAttemptContext", True, "Query", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["group:gocb2", "TransactionAttemptContext", True, "Replace", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["group:gocb2", "ViewIndexManager", True, "GetAllDesignDocuments", "", "", "ReturnValue[0]", "database", "manual"]
+      - ["group:gocb2", "ViewIndexManager", True, "GetDesignDocument", "", "", "ReturnValue[0]", "database", "manual"]
   - addsTo:
       pack: codeql/go-all
       extensible: sinkModel
@@ -27,6 +53,9 @@ extensions:
     data:
       - ["group:gocb1", "", False, "NewAnalyticsQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
       - ["group:gocb1", "", False, "NewN1qlQuery", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "AnalyticsResults", True, "One", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+      - ["group:gocb1", "AnalyticsResults", True, "Next", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+      - ["group:gocb1", "AnalyticsResults", True, "NextBytes", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
       - ["group:gocb1", "AnalyticsQuery", True, "ContextId", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
       - ["group:gocb1", "AnalyticsQuery", True, "Deferred", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
       - ["group:gocb1", "AnalyticsQuery", True, "Pretty", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
@@ -43,3 +72,30 @@ extensions:
       - ["group:gocb1", "N1qlQuery", True, "ReadOnly", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
       - ["group:gocb1", "N1qlQuery", True, "ScanCap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
       - ["group:gocb1", "N1qlQuery", True, "Timeout", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "QueryResults", True, "One", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+      - ["group:gocb1", "QueryResults", True, "Next", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+      - ["group:gocb1", "QueryResults", True, "NextBytes", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb1", "SearchResults", True, "Hits", "", "", "Argument[receiver]", "ReturnValue.ArrayElement", "taint", "manual"]
+      - ["group:gocb2", "AnalyticsResult", True, "One", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+      - ["group:gocb2", "AnalyticsResult", True, "Raw", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb2", "AnalyticsResult", True, "Row", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+      - ["group:gocb2", "AnalyticsResultRaw", True, "NextBytes", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb2", "GetResult", True, "Content", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+      - ["group:gocb2", "LookupInAllReplicasResult", True, "Next", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb2", "LookupInResult", True, "ContentAt", "", "", "Argument[receiver]", "Argument[1]", "taint", "manual"]
+      - ["group:gocb2", "MutateInResult", True, "ContentAt", "", "", "Argument[receiver]", "Argument[1]", "taint", "manual"]
+      - ["group:gocb2", "QueryResult", True, "One", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+      - ["group:gocb2", "QueryResult", True, "Raw", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb2", "QueryResult", True, "Row", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+      - ["group:gocb2", "QueryResultRaw", True, "NextBytes", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb2", "ScanResult", True, "Next", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb2", "ScanResultItem", True, "Content", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+      - ["group:gocb2", "SearchResult", True, "Raw", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb2", "SearchResult", True, "Row", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+      - ["group:gocb2", "SearchResultRaw", True, "NextBytes", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb2", "TransactionGetResult", True, "Content", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+      - ["group:gocb2", "TransactionQueryResult", True, "One", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+      - ["group:gocb2", "TransactionQueryResult", True, "Row", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"]
+      - ["group:gocb2", "ViewResult", True, "Raw", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb2", "ViewResult", True, "Row", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
+      - ["group:gocb2", "ViewResultRaw", True, "NextBytes", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"]

go/ql/lib/semmle/go/Concepts.qll

@@ -357,6 +357,23 @@ module RegexpReplaceFunction {
 class LoggerCall extends DataFlow::Node instanceof LoggerCall::Range {
   /** Gets a node that is a part of the logged message. */
   DataFlow::Node getAMessageComponent() { result = super.getAMessageComponent() }
+
+  /**
+   * Gets a node whose value is a part of the logged message.
+   *
+   * Components corresponding to the format specifier "%T" are excluded as
+   * their type is logged rather than their value.
+   */
+  DataFlow::Node getAValueFormattedMessageComponent() {
+    result = this.getAMessageComponent() and
+    not exists(string formatSpecifier |
+      result = this.(StringOps::Formatting::StringFormatCall).getOperand(_, formatSpecifier) and
+      // We already know that `formatSpecifier` starts with `%`, so we check
+      // that it ends with `T` to confirm that it is `%T` or possibly some
+      // variation on it.
+      formatSpecifier.matches("%T")
+    )
+  }
 }
 
 /** Provides a class for modeling new logging APIs. */

go/ql/lib/semmle/go/security/CleartextLoggingCustomizations.qll

@@ -40,7 +40,7 @@ module CleartextLogging {
    * An argument to a logging mechanism.
    */
   class LoggerSink extends Sink {
-    LoggerSink() { this = any(LoggerCall log).getAMessageComponent() }
+    LoggerSink() { this = any(LoggerCall log).getAValueFormattedMessageComponent() }
   }
 
   /**

go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll

@@ -35,7 +35,7 @@ module LogInjection {
 
   /** An argument to a logging mechanism. */
   class LoggerSink extends Sink {
-    LoggerSink() { this = any(LoggerCall log).getAMessageComponent() }
+    LoggerSink() { this = any(LoggerCall log).getAValueFormattedMessageComponent() }
   }
 
   /**

go/ql/src/Security/CWE-352/ConstantOauth2State.ql

@@ -138,7 +138,9 @@ predicate privateUrlFlowsToAuthCodeUrlCall(DataFlow::CallNode call) {
 
 module FlowToPrintConfig implements DataFlow::ConfigSig {
   additional predicate isSinkCall(DataFlow::Node sink, DataFlow::CallNode call) {
-    exists(LoggerCall logCall | call = logCall | sink = logCall.getAMessageComponent())
+    exists(LoggerCall logCall | call = logCall |
+      sink = logCall.getAValueFormattedMessageComponent()
+    )
   }
 
   predicate isSource(DataFlow::Node source) { source = any(AuthCodeUrl m).getACall().getResult() }

go/ql/src/change-notes/2025-03-20-logging-false-positive-type-format-specifier.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* False positives in "Log entries created from user input" (`go/log-injection`) and "Clear-text logging of sensitive information" (`go/clear-text-logging`) which involved the verb `%T` in a format specifier have been fixed. As a result, some users may also see more alerts from the "Use of constant `state` value in OAuth 2.0 URL" (`go/constant-oauth2-state`) query.

go/ql/test/library-tests/semmle/go/concepts/LoggerCall/LoggerCall.ql

@@ -4,14 +4,20 @@ import ModelValidation
 import utils.test.InlineExpectationsTest
 
 module LoggerTest implements TestSig {
-  string getARelevantTag() { result = "logger" }
+  string getARelevantTag() { result = ["type-logger", "logger"] }
 
   predicate hasActualResult(Location location, string element, string tag, string value) {
     exists(LoggerCall log |
       log.getLocation() = location and
       element = log.toString() and
-      value = log.getAMessageComponent().toString() and
-      tag = "logger"
+      (
+        value = log.getAValueFormattedMessageComponent().toString() and
+        tag = "logger"
+        or
+        value = log.getAMessageComponent().toString() and
+        not value = log.getAValueFormattedMessageComponent().toString() and
+        tag = "type-logger"
+      )
     )
   }
 }

go/ql/test/library-tests/semmle/go/concepts/LoggerCall/glog.go

@@ -30,6 +30,13 @@ func glogTest() {
 	glog.Warningf(fmt, text)   // $ logger=fmt logger=text
 	glog.Warningln(text)       // $ logger=text
 
+	// components corresponding to the format specifier "%T" are not considered vulnerable
+	glog.Errorf("%s: found type %T", text, v)   // $ logger="%s: found type %T" logger=text type-logger=v
+	glog.Exitf("%s: found type %T", text, v)    // $ logger="%s: found type %T" logger=text type-logger=v
+	glog.Fatalf("%s: found type %T", text, v)   // $ logger="%s: found type %T" logger=text type-logger=v
+	glog.Infof("%s: found type %T", text, v)    // $ logger="%s: found type %T" logger=text type-logger=v
+	glog.Warningf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
+
 	klog.Error(text)           // $ logger=text
 	klog.ErrorDepth(0, text)   // $ logger=text
 	klog.Errorf(fmt, text)     // $ logger=fmt logger=text
@@ -50,4 +57,11 @@ func glogTest() {
 	klog.WarningDepth(0, text) // $ logger=text
 	klog.Warningf(fmt, text)   // $ logger=fmt logger=text
 	klog.Warningln(text)       // $ logger=text
+
+	// components corresponding to the format specifier "%T" are not considered vulnerable
+	klog.Errorf("%s: found type %T", text, v)   // $ logger="%s: found type %T" logger=text type-logger=v
+	klog.Exitf("%s: found type %T", text, v)    // $ logger="%s: found type %T" logger=text type-logger=v
+	klog.Fatalf("%s: found type %T", text, v)   // $ logger="%s: found type %T" logger=text type-logger=v
+	klog.Infof("%s: found type %T", text, v)    // $ logger="%s: found type %T" logger=text type-logger=v
+	klog.Warningf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
 }

go/ql/test/library-tests/semmle/go/concepts/LoggerCall/logrus.go

@@ -32,4 +32,8 @@ func logrusCalls() {
 	logrus.Panicln(text)     // $ logger=text
 	logrus.Infof(fmt, text)  // $ logger=fmt logger=text
 	logrus.FatalFn(fn)       // $ logger=fn
+
+	// components corresponding to the format specifier "%T" are not considered vulnerable
+	logrus.Infof("%s: found type %T", text, v)  // $ logger="%s: found type %T" logger=text type-logger=v
+	logrus.Fatalf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
 }

go/ql/test/library-tests/semmle/go/concepts/LoggerCall/main.go

@@ -3,6 +3,8 @@ package main
 const fmt = "formatted %s string"
 const text = "test"
 
-func main() {
+var v []byte
 
+func main() {
+	stdlib()
 }

go/ql/test/library-tests/semmle/go/concepts/LoggerCall/stdlib.go

@@ -17,6 +17,11 @@ func stdlib() {
 	logger.Printf(fmt, text) // $ logger=fmt logger=text
 	logger.Println(text)     // $ logger=text
 
+	// components corresponding to the format specifier "%T" are not considered vulnerable
+	logger.Fatalf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
+	logger.Panicf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
+	logger.Printf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
+
 	log.SetPrefix("prefix: ")
 	log.Fatal(text)       // $ logger=text
 	log.Fatalf(fmt, text) // $ logger=fmt logger=text
@@ -27,4 +32,9 @@ func stdlib() {
 	log.Print(text)       // $ logger=text
 	log.Printf(fmt, text) // $ logger=fmt logger=text
 	log.Println(text)     // $ logger=text
+
+	// components corresponding to the format specifier "%T" are not considered vulnerable
+	log.Fatalf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
+	log.Panicf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
+	log.Printf("%s: found type %T", text, v) // $ logger="%s: found type %T" logger=text type-logger=v
 }

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod

@@ -1,9 +1,57 @@
 module test
 
-go 1.22.5
+go 1.24
 
 require (
-	gorm.io/gorm v1.23.0
+	github.com/astaxie/beego v1.12.3
+	github.com/beego/beego/v2 v2.3.5
+	github.com/couchbase/gocb v1.6.7
+	github.com/couchbase/gocb/v2 v2.9.4
 	github.com/jmoiron/sqlx v1.4.0
-	go.mongodb.org/mongo-driver/mongo v1.17.2
+	github.com/rqlite/gorqlite v0.0.0-20250128004930-114c7828b55a
+	go.mongodb.org/mongo-driver v1.17.3
+	gorm.io/gorm v1.25.12
+)
+
+require (
+	github.com/couchbase/gocbcore/v10 v10.5.4 // indirect
+	github.com/couchbase/gocbcoreps v0.1.3 // indirect
+	github.com/couchbase/goprotostellar v1.0.2 // indirect
+	github.com/couchbaselabs/gocbconnstr/v2 v2.0.0-20240607131231-fb385523de28 // indirect
+	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/golang/snappy v0.0.4 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
+	github.com/hashicorp/golang-lru v0.5.4 // indirect
+	github.com/jinzhu/inflection v1.0.0 // indirect
+	github.com/jinzhu/now v1.1.5 // indirect
+	github.com/klauspost/compress v1.16.7 // indirect
+	github.com/montanaflynn/stats v0.7.1 // indirect
+	github.com/opentracing/opentracing-go v1.2.0 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/shiena/ansicolor v0.0.0-20200904210342-c7312218db18 // indirect
+	github.com/valyala/bytebufferpool v1.0.0 // indirect
+	github.com/xdg-go/pbkdf2 v1.0.0 // indirect
+	github.com/xdg-go/scram v1.1.2 // indirect
+	github.com/xdg-go/stringprep v1.0.4 // indirect
+	github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect
+	go.opentelemetry.io/otel v1.24.0 // indirect
+	go.opentelemetry.io/otel/metric v1.24.0 // indirect
+	go.opentelemetry.io/otel/trace v1.24.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.27.0 // indirect
+	golang.org/x/crypto v0.26.0 // indirect
+	golang.org/x/net v0.24.0 // indirect
+	golang.org/x/sync v0.8.0 // indirect
+	golang.org/x/sys v0.23.0 // indirect
+	golang.org/x/text v0.17.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240401170217-c3f982113cda // indirect
+	google.golang.org/grpc v1.63.2 // indirect
+	google.golang.org/protobuf v1.34.2 // indirect
+	gopkg.in/couchbase/gocbcore.v7 v7.1.18 // indirect
+	gopkg.in/couchbaselabs/gocbconnstr.v1 v1.0.4 // indirect
+	gopkg.in/couchbaselabs/gojcbmock.v1 v1.0.4 // indirect
+	gopkg.in/couchbaselabs/jsonx.v1 v1.0.1 // indirect
 )

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_beego_orm.go

@@ -1,5 +1,8 @@
 package test
 
+//go:generate depstubber -vendor github.com/astaxie/beego/orm Ormer NewOrm
+//go:generate depstubber -vendor github.com/beego/beego/v2/client/orm DB,DQL,Ormer NewOrm
+
 import (
 	oldOrm "github.com/astaxie/beego/orm"
 	"github.com/beego/beego/v2/client/orm"

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_couchbase_gocb_v1.go

@@ -0,0 +1,57 @@
+package test
+
+//go:generate depstubber -vendor github.com/couchbase/gocb Cluster,AnalyticsResults,QueryResults,SearchResults
+
+import "github.com/couchbase/gocb"
+
+func test_couchbase_gocb_v1_Cluster(cluster *gocb.Cluster, aq *gocb.AnalyticsQuery, n1ql *gocb.N1qlQuery, sq *gocb.SearchQuery) {
+	// Analytics
+	r1, err := cluster.ExecuteAnalyticsQuery(aq, nil) // $ source
+
+	if err != nil {
+		return
+	}
+
+	var user1, user2 User
+
+	r1.One(&user1)
+	sink(user1) // $ hasTaintFlow="user1"
+
+	for r1.Next(user2) {
+		sink(user2) // $ hasTaintFlow="user2"
+	}
+
+	var b1 []byte
+	b1 = r1.NextBytes()
+	sink(b1) // $ hasTaintFlow="b1"
+
+	// N1QL
+	r2, err := cluster.ExecuteN1qlQuery(n1ql, nil) // $ source
+
+	if err != nil {
+		return
+	}
+
+	var user3, user4 User
+
+	r2.One(&user3)
+	sink(user3) // $ hasTaintFlow="user3"
+
+	for r2.Next(user4) {
+		sink(user4) // $ hasTaintFlow="user4"
+	}
+
+	var b2 []byte
+	b2 = r2.NextBytes()
+	sink(b2) // $ hasTaintFlow="b2"
+
+	// Search
+	r3, err := cluster.ExecuteSearchQuery(sq) // $ source
+
+	if err != nil {
+		return
+	}
+
+	hit := r3.Hits()[0]
+	sink(hit) // $ hasTaintFlow="hit"
+}

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_couchbase_gocb_v2.go

@@ -0,0 +1,247 @@
+package test
+
+//go:generate depstubber -vendor github.com/couchbase/gocb/v2 AnalyticsResult,AnalyticsResultRaw,Cluster,Collection,ExistsResult,GetResult,LookupInReplicaResult,LookupInResult,MutateInResult,MutationResult,QueryResult,QueryResultRaw,Result,ScanResult,ScanResultItem,Scope,SearchResult,SearchResultRaw,TransactionAttemptContext,TransactionGetResult,TransactionQueryResult,ViewIndexManager,ViewResult,ViewResultRaw
+
+import "github.com/couchbase/gocb/v2"
+
+func test_couchbase_gocb_v2_Cluster(cluster *gocb.Cluster) {
+	r1, err := cluster.AnalyticsQuery("SELECT * FROM `travel-sample`", nil) // $ source
+
+	if err != nil {
+		return
+	}
+
+	for r1.Next() {
+		var name1, name2 string
+
+		r1.One(&name1)
+
+		sink(name1) // $ hasTaintFlow="name1"
+
+		r1.Row(&name2)
+		sink(name2) // $ hasTaintFlow="name2"
+
+		b := r1.Raw().NextBytes()
+		sink(b) // $ hasTaintFlow="b"
+	}
+
+	r2, err := cluster.Query("SELECT * FROM `travel-sample`", nil) // $ source
+
+	if err != nil {
+		return
+	}
+
+	for r2.Next() {
+		var name1, name2 string
+
+		r2.One(&name1)
+
+		sink(name1) // $ hasTaintFlow="name1"
+
+		r2.Row(&name2)
+		sink(name2) // $ hasTaintFlow="name2"
+
+		b := r2.Raw().NextBytes()
+		sink(b) // $ hasTaintFlow="b"
+	}
+}
+
+func test_couchbase_gocb_v2_Scope(scope *gocb.Scope) {
+	r1, err := scope.AnalyticsQuery("SELECT * FROM `travel-sample`", nil) // $ source
+
+	if err != nil {
+		return
+	}
+
+	for r1.Next() {
+		var name1, name2 string
+
+		r1.One(&name1)
+
+		sink(name1) // $ hasTaintFlow="name1"
+
+		r1.Row(&name2)
+		sink(name2) // $ hasTaintFlow="name2"
+
+		b := r1.Raw().NextBytes()
+		sink(b) // $ hasTaintFlow="b"
+	}
+
+	r2, err := scope.Query("SELECT * FROM `travel-sample`", nil) // $ source
+
+	if err != nil {
+		return
+	}
+
+	for r2.Next() {
+		var name1, name2 string
+
+		r2.One(&name1)
+
+		sink(name1) // $ hasTaintFlow="name1"
+
+		r2.Row(&name2)
+		sink(name2) // $ hasTaintFlow="name2"
+
+		b := r2.Raw().NextBytes()
+		sink(b) // $ hasTaintFlow="b"
+	}
+}
+
+func test_couchbase_gocb_v2_Collection(coll *gocb.Collection) {
+	type User struct {
+		Name string
+	}
+
+	var user User
+
+	r1, err := coll.Get("documentID", nil) // $ source
+
+	if err != nil {
+		return
+	}
+
+	r1.Content(&user)
+
+	sink(user) // $ hasTaintFlow="user"
+
+	r2, err := coll.GetAndLock("documentID", 30, nil) // $ source
+
+	if err != nil {
+		return
+	}
+
+	sink(r2) // $ hasTaintFlow="r2"
+
+	r3, err := coll.GetAndTouch("documentID", 30, nil) // $ source
+
+	if err != nil {
+		return
+	}
+
+	var user3 User
+	r3.Content(&user3)
+	sink(user3) // $ hasTaintFlow="user3"
+
+	r4, err := coll.GetAnyReplica("documentID", nil) // $ source
+
+	if err != nil {
+		return
+	}
+
+	sink(r4) // $ hasTaintFlow="r4"
+
+	r5, err := coll.LookupIn("documentID", []gocb.LookupInSpec{}, nil) // $ source
+
+	if err != nil {
+		return
+	}
+
+	var user5 User
+	r5.ContentAt(0, &user5)
+	sink(user5) // $ hasTaintFlow="user5"
+
+	r6, err := coll.LookupInAllReplicas("documentID", []gocb.LookupInSpec{}, nil) // $ source
+
+	if err != nil {
+		return
+	}
+
+	var user6 User
+	r6.Next().ContentAt(0, &user6)
+	sink(user6) // $ hasTaintFlow="user6"
+
+	r7, err := coll.LookupInAnyReplica("documentID", []gocb.LookupInSpec{}, nil) // $ source
+
+	if err != nil {
+		return
+	}
+
+	var user7 User
+	r7.ContentAt(0, &user7)
+	sink(user7) // $ hasTaintFlow="user7"
+
+	r8, err := coll.Scan(nil, nil) // $ source
+
+	if err != nil {
+		return
+	}
+
+	var user8 User
+	r8.Next().Content(&user8)
+	sink(user8) // $ hasTaintFlow="user8"
+}
+
+func test_couchbase_gocb_v2_TransactionAttemptContext(tam *gocb.TransactionAttemptContext, coll *gocb.Collection) {
+	r1, err := tam.Get(coll, "documentID") // $ source
+
+	if err != nil {
+		return
+	}
+
+	var user User
+	r1.Content(&user)
+
+	sink(user) // $ hasTaintFlow="user"
+
+	r2, err := tam.GetReplicaFromPreferredServerGroup(coll, "documentID") // $ source
+
+	if err != nil {
+		return
+	}
+
+	var user2 User
+	r2.Content(&user2)
+	sink(user2) // $ hasTaintFlow="user2"
+
+	var user3 User
+
+	r3, err := tam.Insert(coll, "documentID", &user3) // $ source
+	if err != nil {
+		return
+	}
+
+	var user4 User
+	r3.Content(&user4)
+	sink(user4) // $ hasTaintFlow="user4"
+
+	r4, err := tam.Query("SELECT * FROM `travel-sample`", nil) // $ source
+	if err != nil {
+		return
+	}
+
+	for r4.Next() {
+		var user5 User
+		r4.One(&user5)
+		sink(user5) // $ hasTaintFlow="user5"
+
+		var user6 User
+		r4.Row(&user6)
+		sink(user6) // $ hasTaintFlow="user6"
+	}
+
+	r5, err := tam.Replace(r3, user4) // $ source
+	if err != nil {
+		return
+	}
+
+	sink(r5) // $ hasTaintFlow="r5"
+}
+
+func test_couchbase_gocb_v2_ViewIndexManager(v *gocb.ViewIndexManager) {
+	doc, err := v.GetDesignDocument("name", 0, nil) // $ source
+
+	if err != nil {
+		return
+	}
+
+	sink(doc) // $ hasTaintFlow="doc"
+
+	docs, err := v.GetAllDesignDocuments(0, nil) // $ source
+
+	if err != nil {
+		return
+	}
+
+	sink(docs) // $ hasTaintFlow="docs"
+}

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gorm.go

@@ -1,5 +1,7 @@
 package test
 
+//go:generate depstubber -vendor gorm.io/gorm Association,ConnPool,DB
+
 import "gorm.io/gorm"
 
 // test querying an Association

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_jmoiron_sqlx.go

@@ -1,5 +1,7 @@
 package test
 
+//go:generate depstubber -vendor github.com/jmoiron/sqlx Conn,DB,NamedStmt,Stmt,Tx Get,GetContext,NamedQuery,NamedQueryContext,Select,SelectContext
+
 import (
 	"context"
 

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/beego/beego/v2/client/orm/stub.go

@@ -2,7 +2,7 @@
 // This is a simple stub for github.com/beego/beego/v2/client/orm, strictly for use in testing.
 
 // See the LICENSE file for information about the licensing of the original library.
-// Source: github.com/beego/beego/v2/client/orm (exports: DQL,DB,Ormer; functions: NewOrm)
+// Source: github.com/beego/beego/v2/client/orm (exports: DB,DQL,Ormer; functions: NewOrm)
 
 // Package orm is a stub of github.com/beego/beego/v2/client/orm, generated by depstubber.
 package orm
@@ -56,30 +56,10 @@ func (_ *Condition) OrNotCond(_ *Condition) *Condition {
 }
 
 type DB struct {
-	RWMutex *sync.RWMutex
-	DB      *sql.DB
+	*sync.RWMutex
+	DB *sql.DB
 }
 
-func (_ DB) Lock() {}
-
-func (_ DB) RLock() {}
-
-func (_ DB) RLocker() sync.Locker {
-	return nil
-}
-
-func (_ DB) RUnlock() {}
-
-func (_ DB) TryLock() bool {
-	return false
-}
-
-func (_ DB) TryRLock() bool {
-	return false
-}
-
-func (_ DB) Unlock() {}
-
 func (_ *DB) Begin() (*sql.Tx, error) {
 	return nil, nil
 }

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/conn.go

@@ -1,26 +0,0 @@
-package sqlx
-
-import (
-	"context"
-	"database/sql"
-)
-
-type Conn struct {
-	*sql.Conn
-}
-
-func (c *Conn) GetContext(ctx context.Context, dest interface{}, query string, args ...interface{}) error {
-	return nil
-}
-
-func (c *Conn) SelectContext(ctx context.Context, dest interface{}, query string, args ...interface{}) error {
-	return nil
-}
-
-func (c *Conn) QueryRowxContext(ctx context.Context, query string, args ...interface{}) *Row {
-	return nil
-}
-
-func (c *Conn) QueryxContext(ctx context.Context, query string, args ...interface{}) (*Rows, error) {
-	return nil, nil
-}

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/db.go

@@ -1,52 +0,0 @@
-package sqlx
-
-import (
-	"context"
-	"database/sql"
-)
-
-type DB struct {
-	*sql.DB
-
-	// Mapper *reflectx.Mapper
-}
-
-func (db *DB) Get(dest interface{}, query string, args ...interface{}) error {
-	return nil
-}
-
-func (db *DB) GetContext(ctx context.Context, dest interface{}, query string, args ...interface{}) error {
-	return nil
-}
-
-func (db *DB) QueryRowx(query string, args ...interface{}) *Row {
-	return nil
-}
-
-func (db *DB) QueryRowxContext(ctx context.Context, query string, args ...interface{}) *Row {
-	return nil
-}
-
-func (db *DB) Queryx(query string, args ...interface{}) (*Rows, error) {
-	return nil, nil
-}
-
-func (db *DB) QueryxContext(ctx context.Context, query string, args ...interface{}) (*Rows, error) {
-	return nil, nil
-}
-
-func (db *DB) Select(dest interface{}, query string, args ...interface{}) error {
-	return nil
-}
-
-func (db *DB) SelectContext(ctx context.Context, dest interface{}, query string, args ...interface{}) error {
-	return nil
-}
-
-func (db *DB) NamedQuery(query string, arg interface{}) (*Rows, error) {
-	return nil, nil
-}
-
-func (db *DB) NamedQueryContext(ctx context.Context, query string, arg interface{}) (*Rows, error) {
-	return nil, nil
-}

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/namedstmt.go

@@ -1,60 +0,0 @@
-package sqlx
-
-import (
-	"context"
-	"database/sql"
-)
-
-type NamedStmt struct {
-	Params      []string
-	QueryString string
-	Stmt        *sql.Stmt
-}
-
-func (s *NamedStmt) Get(dest interface{}, args ...interface{}) error {
-	return nil
-}
-
-func (s *NamedStmt) GetContext(ctx context.Context, dest interface{}, args ...interface{}) error {
-	return nil
-}
-
-func (s *NamedStmt) QueryRow(args ...interface{}) *Row {
-	return nil
-}
-
-func (s *NamedStmt) QueryRowContext(ctx context.Context, args ...interface{}) *Row {
-	return nil
-}
-
-func (s *NamedStmt) Query(args ...interface{}) (*Rows, error) {
-	return nil, nil
-}
-
-func (s *NamedStmt) QueryContext(ctx context.Context, args ...interface{}) (*Rows, error) {
-	return nil, nil
-}
-
-func (s *NamedStmt) QueryRowx(args ...interface{}) *Row {
-	return nil
-}
-
-func (s *NamedStmt) QueryRowxContext(ctx context.Context, args ...interface{}) *Row {
-	return nil
-}
-
-func (s *NamedStmt) Queryx(args ...interface{}) (*Rows, error) {
-	return nil, nil
-}
-
-func (s *NamedStmt) QueryxContext(ctx context.Context, args ...interface{}) (*Rows, error) {
-	return nil, nil
-}
-
-func (s *NamedStmt) Select(dest interface{}, args ...interface{}) error {
-	return nil
-}
-
-func (s *NamedStmt) SelectContext(ctx context.Context, dest interface{}, args ...interface{}) error {
-	return nil
-}

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/row.go

@@ -1,21 +0,0 @@
-package sqlx
-
-type Row struct {
-	// Mapper *reflectx.Mapper
-}
-
-func (r *Row) MapScan(dest map[string]interface{}) error {
-	return nil
-}
-
-func (r *Row) StructScan(dest interface{}) error {
-	return nil
-}
-
-func (r *Row) SliceScan(dest []interface{}) error {
-	return nil
-}
-
-func (r *Row) Scan(dest ...interface{}) error {
-	return nil
-}

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/rows.go

@@ -1,22 +0,0 @@
-package sqlx
-
-import "database/sql"
-
-type Rows struct {
-	*sql.Rows
-
-	// Mapper *reflectx.Mapper
-	// contains filtered or unexported fields
-}
-
-func (r *Rows) MapScan(dest map[string]interface{}) error {
-	return nil
-}
-
-func (r *Rows) StructScan(dest interface{}) error {
-	return nil
-}
-
-func (r *Rows) SliceScan(dest []interface{}) error {
-	return nil
-}

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/stmt.go

@@ -1,42 +0,0 @@
-package sqlx
-
-import (
-	"context"
-	"database/sql"
-)
-
-type Stmt struct {
-	*sql.Stmt
-}
-
-func (s *Stmt) Get(dest interface{}, args ...interface{}) error {
-	return nil
-}
-
-func (s *Stmt) GetContext(ctx context.Context, dest interface{}, args ...interface{}) error {
-	return nil
-}
-
-func (s *Stmt) QueryRowx(args ...interface{}) *Row {
-	return nil
-}
-
-func (s *Stmt) QueryRowxContext(ctx context.Context, args ...interface{}) *Row {
-	return nil
-}
-
-func (s *Stmt) Queryx(args ...interface{}) (*Rows, error) {
-	return nil, nil
-}
-
-func (s *Stmt) QueryxContext(ctx context.Context, args ...interface{}) (*Rows, error) {
-	return nil, nil
-}
-
-func (s *Stmt) Select(dest interface{}, args ...interface{}) error {
-	return nil
-}
-
-func (s *Stmt) SelectContext(ctx context.Context, dest interface{}, args ...interface{}) error {
-	return nil
-}

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/stub.go

@@ -1,67 +1,530 @@
+// Code generated by depstubber. DO NOT EDIT.
+// This is a simple stub for github.com/jmoiron/sqlx, strictly for use in testing.
+
+// See the LICENSE file for information about the licensing of the original library.
+// Source: github.com/jmoiron/sqlx (exports: Conn,DB,NamedStmt,Stmt,Tx; functions: Get,GetContext,NamedQuery,NamedQueryContext,Select,SelectContext)
+
+// Package sqlx is a stub of github.com/jmoiron/sqlx, generated by depstubber.
 package sqlx
 
 import (
-	"context"
-	"database/sql"
+	context "context"
+	sql "database/sql"
 )
 
-type ColScanner interface {
-	Columns() ([]string, error)
-	Scan(dest ...interface{}) error
-	Err() error
+type Conn struct {
+	*sql.Conn
+	Mapper interface{}
 }
 
-type Execer interface {
-	Exec(query string, args ...interface{}) (sql.Result, error)
+func (_ Conn) BeginTx(_ context.Context, _ *sql.TxOptions) (*sql.Tx, error) {
+	return nil, nil
 }
 
-type ExecerContext interface {
-	ExecContext(ctx context.Context, query string, args ...interface{}) (sql.Result, error)
+func (_ Conn) Close() error {
+	return nil
+}
+
+func (_ Conn) ExecContext(_ context.Context, _ string, _ ...interface{}) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ Conn) PingContext(_ context.Context) error {
+	return nil
+}
+
+func (_ Conn) PrepareContext(_ context.Context, _ string) (*sql.Stmt, error) {
+	return nil, nil
+}
+
+func (_ Conn) QueryContext(_ context.Context, _ string, _ ...interface{}) (*sql.Rows, error) {
+	return nil, nil
+}
+
+func (_ Conn) QueryRowContext(_ context.Context, _ string, _ ...interface{}) *sql.Row {
+	return nil
+}
+
+func (_ Conn) Raw(_ func(interface{}) error) error {
+	return nil
+}
+
+func (_ *Conn) BeginTxx(_ context.Context, _ *sql.TxOptions) (*Tx, error) {
+	return nil, nil
+}
+
+func (_ *Conn) GetContext(_ context.Context, _ interface{}, _ string, _ ...interface{}) error {
+	return nil
+}
+
+func (_ *Conn) PreparexContext(_ context.Context, _ string) (*Stmt, error) {
+	return nil, nil
+}
+
+func (_ *Conn) QueryRowxContext(_ context.Context, _ string, _ ...interface{}) *Row {
+	return nil
+}
+
+func (_ *Conn) QueryxContext(_ context.Context, _ string, _ ...interface{}) (*Rows, error) {
+	return nil, nil
+}
+
+func (_ *Conn) Rebind(_ string) string {
+	return ""
+}
+
+func (_ *Conn) SelectContext(_ context.Context, _ interface{}, _ string, _ ...interface{}) error {
+	return nil
+}
+
+type DB struct {
+	*sql.DB
+	Mapper interface{}
+}
+
+func (_ *DB) BeginTxx(_ context.Context, _ *sql.TxOptions) (*Tx, error) {
+	return nil, nil
+}
+
+func (_ *DB) Beginx() (*Tx, error) {
+	return nil, nil
+}
+
+func (_ *DB) BindNamed(_ string, _ interface{}) (string, []interface{}, error) {
+	return "", nil, nil
+}
+
+func (_ *DB) Connx(_ context.Context) (*Conn, error) {
+	return nil, nil
+}
+
+func (_ *DB) DriverName() string {
+	return ""
+}
+
+func (_ *DB) Get(_ interface{}, _ string, _ ...interface{}) error {
+	return nil
+}
+
+func (_ *DB) GetContext(_ context.Context, _ interface{}, _ string, _ ...interface{}) error {
+	return nil
+}
+
+func (_ *DB) MapperFunc(_ func(string) string) {}
+
+func (_ *DB) MustBegin() *Tx {
+	return nil
+}
+
+func (_ *DB) MustBeginTx(_ context.Context, _ *sql.TxOptions) *Tx {
+	return nil
+}
+
+func (_ *DB) MustExec(_ string, _ ...interface{}) sql.Result {
+	return nil
+}
+
+func (_ *DB) MustExecContext(_ context.Context, _ string, _ ...interface{}) sql.Result {
+	return nil
+}
+
+func (_ *DB) NamedExec(_ string, _ interface{}) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *DB) NamedExecContext(_ context.Context, _ string, _ interface{}) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *DB) NamedQuery(_ string, _ interface{}) (*Rows, error) {
+	return nil, nil
+}
+
+func (_ *DB) NamedQueryContext(_ context.Context, _ string, _ interface{}) (*Rows, error) {
+	return nil, nil
+}
+
+func (_ *DB) PrepareNamed(_ string) (*NamedStmt, error) {
+	return nil, nil
+}
+
+func (_ *DB) PrepareNamedContext(_ context.Context, _ string) (*NamedStmt, error) {
+	return nil, nil
+}
+
+func (_ *DB) Preparex(_ string) (*Stmt, error) {
+	return nil, nil
+}
+
+func (_ *DB) PreparexContext(_ context.Context, _ string) (*Stmt, error) {
+	return nil, nil
+}
+
+func (_ *DB) QueryRowx(_ string, _ ...interface{}) *Row {
+	return nil
+}
+
+func (_ *DB) QueryRowxContext(_ context.Context, _ string, _ ...interface{}) *Row {
+	return nil
+}
+
+func (_ *DB) Queryx(_ string, _ ...interface{}) (*Rows, error) {
+	return nil, nil
+}
+
+func (_ *DB) QueryxContext(_ context.Context, _ string, _ ...interface{}) (*Rows, error) {
+	return nil, nil
+}
+
+func (_ *DB) Rebind(_ string) string {
+	return ""
+}
+
+func (_ *DB) Select(_ interface{}, _ string, _ ...interface{}) error {
+	return nil
+}
+
+func (_ *DB) SelectContext(_ context.Context, _ interface{}, _ string, _ ...interface{}) error {
+	return nil
+}
+
+func (_ *DB) Unsafe() *DB {
+	return nil
 }
 
 type Ext interface {
-	Queryer
-	Execer
+	BindNamed(_ string, _ interface{}) (string, []interface{}, error)
+	DriverName() string
+	Exec(_ string, _ ...interface{}) (sql.Result, error)
+	Query(_ string, _ ...interface{}) (*sql.Rows, error)
+	QueryRowx(_ string, _ ...interface{}) *Row
+	Queryx(_ string, _ ...interface{}) (*Rows, error)
+	Rebind(_ string) string
 }
 
 type ExtContext interface {
-	QueryerContext
-	ExecerContext
-	// contains filtered or unexported methods
+	BindNamed(_ string, _ interface{}) (string, []interface{}, error)
+	DriverName() string
+	ExecContext(_ context.Context, _ string, _ ...interface{}) (sql.Result, error)
+	QueryContext(_ context.Context, _ string, _ ...interface{}) (*sql.Rows, error)
+	QueryRowxContext(_ context.Context, _ string, _ ...interface{}) *Row
+	QueryxContext(_ context.Context, _ string, _ ...interface{}) (*Rows, error)
+	Rebind(_ string) string
+}
+
+func Get(_ Queryer, _ interface{}, _ string, _ ...interface{}) error {
+	return nil
+}
+
+func GetContext(_ context.Context, _ QueryerContext, _ interface{}, _ string, _ ...interface{}) error {
+	return nil
+}
+
+func NamedQuery(_ Ext, _ string, _ interface{}) (*Rows, error) {
+	return nil, nil
+}
+
+func NamedQueryContext(_ context.Context, _ ExtContext, _ string, _ interface{}) (*Rows, error) {
+	return nil, nil
+}
+
+type NamedStmt struct {
+	Params      []string
+	QueryString string
+	Stmt        *Stmt
+}
+
+func (_ *NamedStmt) Close() error {
+	return nil
+}
+
+func (_ *NamedStmt) Exec(_ interface{}) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *NamedStmt) ExecContext(_ context.Context, _ interface{}) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *NamedStmt) Get(_ interface{}, _ interface{}) error {
+	return nil
+}
+
+func (_ *NamedStmt) GetContext(_ context.Context, _ interface{}, _ interface{}) error {
+	return nil
+}
+
+func (_ *NamedStmt) MustExec(_ interface{}) sql.Result {
+	return nil
+}
+
+func (_ *NamedStmt) MustExecContext(_ context.Context, _ interface{}) sql.Result {
+	return nil
+}
+
+func (_ *NamedStmt) Query(_ interface{}) (*sql.Rows, error) {
+	return nil, nil
+}
+
+func (_ *NamedStmt) QueryContext(_ context.Context, _ interface{}) (*sql.Rows, error) {
+	return nil, nil
+}
+
+func (_ *NamedStmt) QueryRow(_ interface{}) *Row {
+	return nil
+}
+
+func (_ *NamedStmt) QueryRowContext(_ context.Context, _ interface{}) *Row {
+	return nil
+}
+
+func (_ *NamedStmt) QueryRowx(_ interface{}) *Row {
+	return nil
+}
+
+func (_ *NamedStmt) QueryRowxContext(_ context.Context, _ interface{}) *Row {
+	return nil
+}
+
+func (_ *NamedStmt) Queryx(_ interface{}) (*Rows, error) {
+	return nil, nil
+}
+
+func (_ *NamedStmt) QueryxContext(_ context.Context, _ interface{}) (*Rows, error) {
+	return nil, nil
+}
+
+func (_ *NamedStmt) Select(_ interface{}, _ interface{}) error {
+	return nil
+}
+
+func (_ *NamedStmt) SelectContext(_ context.Context, _ interface{}, _ interface{}) error {
+	return nil
+}
+
+func (_ *NamedStmt) Unsafe() *NamedStmt {
+	return nil
 }
 
 type Queryer interface {
-	Query(query string, args ...interface{}) (*sql.Rows, error)
-	Queryx(query string, args ...interface{}) (*Rows, error)
-	QueryRowx(query string, args ...interface{}) *Row
+	Query(_ string, _ ...interface{}) (*sql.Rows, error)
+	QueryRowx(_ string, _ ...interface{}) *Row
+	Queryx(_ string, _ ...interface{}) (*Rows, error)
 }
 
 type QueryerContext interface {
-	QueryContext(ctx context.Context, query string, args ...interface{}) (*sql.Rows, error)
-	QueryxContext(ctx context.Context, query string, args ...interface{}) (*Rows, error)
-	QueryRowxContext(ctx context.Context, query string, args ...interface{}) *Row
+	QueryContext(_ context.Context, _ string, _ ...interface{}) (*sql.Rows, error)
+	QueryRowxContext(_ context.Context, _ string, _ ...interface{}) *Row
+	QueryxContext(_ context.Context, _ string, _ ...interface{}) (*Rows, error)
 }
 
-func NamedQuery(e Ext, query string, arg interface{}) (*Rows, error) {
-	return e.Queryx(query, arg)
+type Row struct {
+	Mapper interface{}
 }
 
-func NamedQueryContext(ctx context.Context, e ExtContext, query string, arg interface{}) (*Rows, error) {
-	return e.QueryxContext(ctx, query, arg)
+func (_ *Row) ColumnTypes() ([]*sql.ColumnType, error) {
+	return nil, nil
 }
 
-func Get(q Queryer, dest interface{}, query string, args ...interface{}) error {
+func (_ *Row) Columns() ([]string, error) {
+	return nil, nil
+}
+
+func (_ *Row) Err() error {
 	return nil
 }
 
-func GetContext(ctx context.Context, q QueryerContext, dest interface{}, query string, args ...interface{}) error {
+func (_ *Row) MapScan(_ map[string]interface{}) error {
 	return nil
 }
 
-func Select(q Queryer, dest interface{}, query string, args ...interface{}) error {
+func (_ *Row) Scan(_ ...interface{}) error {
 	return nil
 }
 
-func SelectContext(ctx context.Context, q QueryerContext, dest interface{}, query string, args ...interface{}) error {
+func (_ *Row) SliceScan() ([]interface{}, error) {
+	return nil, nil
+}
+
+func (_ *Row) StructScan(_ interface{}) error {
+	return nil
+}
+
+type Rows struct {
+	*sql.Rows
+	Mapper interface{}
+}
+
+func (_ *Rows) MapScan(_ map[string]interface{}) error {
+	return nil
+}
+
+func (_ *Rows) SliceScan() ([]interface{}, error) {
+	return nil, nil
+}
+
+func (_ *Rows) StructScan(_ interface{}) error {
+	return nil
+}
+
+func Select(_ Queryer, _ interface{}, _ string, _ ...interface{}) error {
+	return nil
+}
+
+func SelectContext(_ context.Context, _ QueryerContext, _ interface{}, _ string, _ ...interface{}) error {
+	return nil
+}
+
+type Stmt struct {
+	*sql.Stmt
+	Mapper interface{}
+}
+
+func (_ *Stmt) Get(_ interface{}, _ ...interface{}) error {
+	return nil
+}
+
+func (_ *Stmt) GetContext(_ context.Context, _ interface{}, _ ...interface{}) error {
+	return nil
+}
+
+func (_ *Stmt) MustExec(_ ...interface{}) sql.Result {
+	return nil
+}
+
+func (_ *Stmt) MustExecContext(_ context.Context, _ ...interface{}) sql.Result {
+	return nil
+}
+
+func (_ *Stmt) QueryRowx(_ ...interface{}) *Row {
+	return nil
+}
+
+func (_ *Stmt) QueryRowxContext(_ context.Context, _ ...interface{}) *Row {
+	return nil
+}
+
+func (_ *Stmt) Queryx(_ ...interface{}) (*Rows, error) {
+	return nil, nil
+}
+
+func (_ *Stmt) QueryxContext(_ context.Context, _ ...interface{}) (*Rows, error) {
+	return nil, nil
+}
+
+func (_ *Stmt) Select(_ interface{}, _ ...interface{}) error {
+	return nil
+}
+
+func (_ *Stmt) SelectContext(_ context.Context, _ interface{}, _ ...interface{}) error {
+	return nil
+}
+
+func (_ *Stmt) Unsafe() *Stmt {
+	return nil
+}
+
+type Tx struct {
+	*sql.Tx
+	Mapper interface{}
+}
+
+func (_ *Tx) BindNamed(_ string, _ interface{}) (string, []interface{}, error) {
+	return "", nil, nil
+}
+
+func (_ *Tx) DriverName() string {
+	return ""
+}
+
+func (_ *Tx) Get(_ interface{}, _ string, _ ...interface{}) error {
+	return nil
+}
+
+func (_ *Tx) GetContext(_ context.Context, _ interface{}, _ string, _ ...interface{}) error {
+	return nil
+}
+
+func (_ *Tx) MustExec(_ string, _ ...interface{}) sql.Result {
+	return nil
+}
+
+func (_ *Tx) MustExecContext(_ context.Context, _ string, _ ...interface{}) sql.Result {
+	return nil
+}
+
+func (_ *Tx) NamedExec(_ string, _ interface{}) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *Tx) NamedExecContext(_ context.Context, _ string, _ interface{}) (sql.Result, error) {
+	return nil, nil
+}
+
+func (_ *Tx) NamedQuery(_ string, _ interface{}) (*Rows, error) {
+	return nil, nil
+}
+
+func (_ *Tx) NamedStmt(_ *NamedStmt) *NamedStmt {
+	return nil
+}
+
+func (_ *Tx) NamedStmtContext(_ context.Context, _ *NamedStmt) *NamedStmt {
+	return nil
+}
+
+func (_ *Tx) PrepareNamed(_ string) (*NamedStmt, error) {
+	return nil, nil
+}
+
+func (_ *Tx) PrepareNamedContext(_ context.Context, _ string) (*NamedStmt, error) {
+	return nil, nil
+}
+
+func (_ *Tx) Preparex(_ string) (*Stmt, error) {
+	return nil, nil
+}
+
+func (_ *Tx) PreparexContext(_ context.Context, _ string) (*Stmt, error) {
+	return nil, nil
+}
+
+func (_ *Tx) QueryRowx(_ string, _ ...interface{}) *Row {
+	return nil
+}
+
+func (_ *Tx) QueryRowxContext(_ context.Context, _ string, _ ...interface{}) *Row {
+	return nil
+}
+
+func (_ *Tx) Queryx(_ string, _ ...interface{}) (*Rows, error) {
+	return nil, nil
+}
+
+func (_ *Tx) QueryxContext(_ context.Context, _ string, _ ...interface{}) (*Rows, error) {
+	return nil, nil
+}
+
+func (_ *Tx) Rebind(_ string) string {
+	return ""
+}
+
+func (_ *Tx) Select(_ interface{}, _ string, _ ...interface{}) error {
+	return nil
+}
+
+func (_ *Tx) SelectContext(_ context.Context, _ interface{}, _ string, _ ...interface{}) error {
+	return nil
+}
+
+func (_ *Tx) Stmtx(_ interface{}) *Stmt {
+	return nil
+}
+
+func (_ *Tx) StmtxContext(_ context.Context, _ interface{}) *Stmt {
+	return nil
+}
+
+func (_ *Tx) Unsafe() *Tx {
 	return nil
 }

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/jmoiron/sqlx/tx.go

@@ -1,47 +0,0 @@
-package sqlx
-
-import (
-	"context"
-	"database/sql"
-)
-
-type Tx struct {
-	*sql.Tx
-}
-
-func (tx *Tx) Get(dest interface{}, args ...interface{}) error {
-	return nil
-}
-
-func (tx *Tx) GetContext(ctx context.Context, dest interface{}, args ...interface{}) error {
-	return nil
-}
-
-func (tx *Tx) QueryRowx(args ...interface{}) *Row {
-	return nil
-}
-
-func (tx *Tx) QueryRowxContext(ctx context.Context, args ...interface{}) *Row {
-
-	return nil
-}
-
-func (tx *Tx) Queryx(args ...interface{}) (*Rows, error) {
-	return nil, nil
-}
-
-func (tx *Tx) QueryxContext(ctx context.Context, args ...interface{}) (*Rows, error) {
-	return nil, nil
-}
-
-func (tx *Tx) Select(dest interface{}, args ...interface{}) error {
-	return nil
-}
-
-func (tx *Tx) SelectContext(ctx context.Context, dest interface{}, args ...interface{}) error {
-	return nil
-}
-
-func (tx *Tx) NamedQuery(query string, arg interface{}) (*Rows, error) {
-	return nil, nil
-}

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/gorm.io/gorm/stub.go

@@ -1,77 +1,878 @@
+// Code generated by depstubber. DO NOT EDIT.
+// This is a simple stub for gorm.io/gorm, strictly for use in testing.
+
+// See the LICENSE file for information about the licensing of the original library.
+// Source: gorm.io/gorm (exports: Association,ConnPool,DB; functions: )
+
+// Package gorm is a stub of gorm.io/gorm, generated by depstubber.
 package gorm
 
 import (
-	"context"
-	"database/sql"
+	context "context"
+	sql "database/sql"
+	reflect "reflect"
+	strings "strings"
+	sync "sync"
+	time "time"
 )
 
-type DB struct{}
-
-func (db *DB) Find(dest interface{}, conds ...interface{}) *DB {
-	return db
-}
-
-func (db *DB) FindInBatches(dest interface{}, batchSize int, fc func(tx *DB, batch int) error) *DB {
-	return db
-}
-
-func (db *DB) FirstOrCreate(dest interface{}, conds ...interface{}) *DB {
-	return db
-}
-
-func (db *DB) FirstOrInit(dest interface{}, conds ...interface{}) *DB {
-	return db
-}
-
-func (db *DB) First(dest interface{}, conds ...interface{}) *DB {
-	return db
-}
-
-func (db *DB) Model(value interface{}) *DB {
-	return db
-}
-
-func (db *DB) Last(dest interface{}, conds ...interface{}) *DB {
-	return db
-}
-
-func (db *DB) Pluck(column string, dest interface{}) *DB {
-	return db
-}
-
-func (db *DB) Take(dest interface{}, conds ...interface{}) *DB {
-	return db
-}
-
-func (db *DB) Scan(dest interface{}) *DB {
-	return db
-}
-
-func (db *DB) ScanRows(rows *sql.Rows, result interface{}) error {
-	return nil
-}
-
-func (db *DB) Row() *sql.Row {
-	return nil
-}
-
-func (db *DB) Rows() (*sql.Rows, error) {
-	return nil, nil
-}
-
 type Association struct {
-	DB *DB
+	DB           *DB
+	Relationship interface{}
+	Unscope      bool
+	Error        error
 }
 
-func (a *Association) Find(dest interface{}) *Association {
-	return a
+func (_ *Association) Append(_ ...interface{}) error {
+	return nil
+}
+
+func (_ *Association) Clear() error {
+	return nil
+}
+
+func (_ *Association) Count() int64 {
+	return 0
+}
+
+func (_ *Association) Delete(_ ...interface{}) error {
+	return nil
+}
+
+func (_ *Association) Find(_ interface{}, _ ...interface{}) error {
+	return nil
+}
+
+func (_ *Association) Replace(_ ...interface{}) error {
+	return nil
+}
+
+func (_ *Association) Unscoped() *Association {
+	return nil
+}
+
+type ColumnType interface {
+	AutoIncrement() (bool, bool)
+	ColumnType() (string, bool)
+	Comment() (string, bool)
+	DatabaseTypeName() string
+	DecimalSize() (int64, int64, bool)
+	DefaultValue() (string, bool)
+	Length() (int64, bool)
+	Name() string
+	Nullable() (bool, bool)
+	PrimaryKey() (bool, bool)
+	ScanType() reflect.Type
+	Unique() (bool, bool)
+}
+
+type Config struct {
+	SkipDefaultTransaction                   bool
+	NamingStrategy                           interface{}
+	FullSaveAssociations                     bool
+	Logger                                   interface{}
+	NowFunc                                  func() time.Time
+	DryRun                                   bool
+	PrepareStmt                              bool
+	DisableAutomaticPing                     bool
+	DisableForeignKeyConstraintWhenMigrating bool
+	IgnoreRelationshipsWhenMigrating         bool
+	DisableNestedTransaction                 bool
+	AllowGlobalUpdate                        bool
+	QueryFields                              bool
+	CreateBatchSize                          int
+	TranslateError                           bool
+	PropagateUnscoped                        bool
+	ClauseBuilders                           map[string]interface{}
+	ConnPool                                 ConnPool
+	Dialector
+	Plugins map[string]Plugin
+}
+
+func (_ Config) BindVarTo(_ interface{}, _ *Statement, _ interface{}) {}
+
+func (_ Config) DataTypeOf(_ interface{}) string {
+	return ""
+}
+
+func (_ Config) DefaultValueOf(_ interface{}) interface{} {
+	return nil
+}
+
+func (_ Config) Explain(_ string, _ ...interface{}) string {
+	return ""
+}
+
+func (_ Config) Initialize(_ *DB) error {
+	return nil
+}
+
+func (_ Config) Migrator(_ *DB) Migrator {
+	return nil
+}
+
+func (_ Config) Name() string {
+	return ""
+}
+
+func (_ Config) QuoteTo(_ interface{}, _ string) {}
+
+func (_ *Config) AfterInitialize(_ *DB) error {
+	return nil
+}
+
+func (_ *Config) Apply(_ *Config) error {
+	return nil
 }
 
 type ConnPool interface {
-	PrepareContext(ctx context.Context, query string) (*sql.Stmt, error)
-	ExecContext(ctx context.Context, query string, args ...interface{}) (sql.Result, error)
-	QueryContext(ctx context.Context, query string, args ...interface{}) (*sql.Rows, error)
-	QueryRowContext(ctx context.Context, query string, args ...interface{}) *sql.Row
+	ExecContext(_ context.Context, _ string, _ ...interface{}) (sql.Result, error)
+	PrepareContext(_ context.Context, _ string) (*sql.Stmt, error)
+	QueryContext(_ context.Context, _ string, _ ...interface{}) (*sql.Rows, error)
+	QueryRowContext(_ context.Context, _ string, _ ...interface{}) *sql.Row
 }
 
-type Model interface{}
+type DB struct {
+	*Config
+	Error        error
+	RowsAffected int64
+	Statement    *Statement
+}
+
+func (_ DB) AfterInitialize(_ *DB) error {
+	return nil
+}
+
+func (_ DB) Apply(_ *Config) error {
+	return nil
+}
+
+func (_ DB) BindVarTo(_ interface{}, _ *Statement, _ interface{}) {}
+
+func (_ DB) DataTypeOf(_ interface{}) string {
+	return ""
+}
+
+func (_ DB) DefaultValueOf(_ interface{}) interface{} {
+	return nil
+}
+
+func (_ DB) Explain(_ string, _ ...interface{}) string {
+	return ""
+}
+
+func (_ DB) Initialize(_ *DB) error {
+	return nil
+}
+
+func (_ DB) Name() string {
+	return ""
+}
+
+func (_ DB) QuoteTo(_ interface{}, _ string) {}
+
+func (_ *DB) AddError(_ error) error {
+	return nil
+}
+
+func (_ *DB) Assign(_ ...interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) Association(_ string) *Association {
+	return nil
+}
+
+func (_ *DB) Attrs(_ ...interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) AutoMigrate(_ ...interface{}) error {
+	return nil
+}
+
+func (_ *DB) Begin(_ ...*sql.TxOptions) *DB {
+	return nil
+}
+
+func (_ *DB) Callback() interface{} {
+	return nil
+}
+
+func (_ *DB) Clauses(_ ...interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) Commit() *DB {
+	return nil
+}
+
+func (_ *DB) Connection(_ func(*DB) error) error {
+	return nil
+}
+
+func (_ *DB) Count(_ *int64) *DB {
+	return nil
+}
+
+func (_ *DB) Create(_ interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) CreateInBatches(_ interface{}, _ int) *DB {
+	return nil
+}
+
+func (_ *DB) DB() (*sql.DB, error) {
+	return nil, nil
+}
+
+func (_ *DB) Debug() *DB {
+	return nil
+}
+
+func (_ *DB) Delete(_ interface{}, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) Distinct(_ ...interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) Exec(_ string, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) Find(_ interface{}, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) FindInBatches(_ interface{}, _ int, _ func(*DB, int) error) *DB {
+	return nil
+}
+
+func (_ *DB) First(_ interface{}, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) FirstOrCreate(_ interface{}, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) FirstOrInit(_ interface{}, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) Get(_ string) (interface{}, bool) {
+	return nil, false
+}
+
+func (_ *DB) Group(_ string) *DB {
+	return nil
+}
+
+func (_ *DB) Having(_ interface{}, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) InnerJoins(_ string, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) InstanceGet(_ string) (interface{}, bool) {
+	return nil, false
+}
+
+func (_ *DB) InstanceSet(_ string, _ interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) Joins(_ string, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) Last(_ interface{}, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) Limit(_ int) *DB {
+	return nil
+}
+
+func (_ *DB) MapColumns(_ map[string]string) *DB {
+	return nil
+}
+
+func (_ *DB) Migrator() Migrator {
+	return nil
+}
+
+func (_ *DB) Model(_ interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) Not(_ interface{}, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) Offset(_ int) *DB {
+	return nil
+}
+
+func (_ *DB) Omit(_ ...string) *DB {
+	return nil
+}
+
+func (_ *DB) Or(_ interface{}, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) Order(_ interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) Pluck(_ string, _ interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) Preload(_ string, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) Raw(_ string, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) Rollback() *DB {
+	return nil
+}
+
+func (_ *DB) RollbackTo(_ string) *DB {
+	return nil
+}
+
+func (_ *DB) Row() *sql.Row {
+	return nil
+}
+
+func (_ *DB) Rows() (*sql.Rows, error) {
+	return nil, nil
+}
+
+func (_ *DB) Save(_ interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) SavePoint(_ string) *DB {
+	return nil
+}
+
+func (_ *DB) Scan(_ interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) ScanRows(_ *sql.Rows, _ interface{}) error {
+	return nil
+}
+
+func (_ *DB) Scopes(_ ...func(*DB) *DB) *DB {
+	return nil
+}
+
+func (_ *DB) Select(_ interface{}, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) Session(_ *Session) *DB {
+	return nil
+}
+
+func (_ *DB) Set(_ string, _ interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) SetupJoinTable(_ interface{}, _ string, _ interface{}) error {
+	return nil
+}
+
+func (_ *DB) Table(_ string, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) Take(_ interface{}, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) ToSQL(_ func(*DB) *DB) string {
+	return ""
+}
+
+func (_ *DB) Transaction(_ func(*DB) error, _ ...*sql.TxOptions) error {
+	return nil
+}
+
+func (_ *DB) Unscoped() *DB {
+	return nil
+}
+
+func (_ *DB) Update(_ string, _ interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) UpdateColumn(_ string, _ interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) UpdateColumns(_ interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) Updates(_ interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) Use(_ Plugin) error {
+	return nil
+}
+
+func (_ *DB) Where(_ interface{}, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ *DB) WithContext(_ context.Context) *DB {
+	return nil
+}
+
+type Dialector interface {
+	BindVarTo(_ interface{}, _ *Statement, _ interface{})
+	DataTypeOf(_ interface{}) string
+	DefaultValueOf(_ interface{}) interface{}
+	Explain(_ string, _ ...interface{}) string
+	Initialize(_ *DB) error
+	Migrator(_ *DB) Migrator
+	Name() string
+	QuoteTo(_ interface{}, _ string)
+}
+
+type Index interface {
+	Columns() []string
+	Name() string
+	Option() string
+	PrimaryKey() (bool, bool)
+	Table() string
+	Unique() (bool, bool)
+}
+
+type Migrator interface {
+	AddColumn(_ interface{}, _ string) error
+	AlterColumn(_ interface{}, _ string) error
+	AutoMigrate(_ ...interface{}) error
+	ColumnTypes(_ interface{}) ([]ColumnType, error)
+	CreateConstraint(_ interface{}, _ string) error
+	CreateIndex(_ interface{}, _ string) error
+	CreateTable(_ ...interface{}) error
+	CreateView(_ string, _ ViewOption) error
+	CurrentDatabase() string
+	DropColumn(_ interface{}, _ string) error
+	DropConstraint(_ interface{}, _ string) error
+	DropIndex(_ interface{}, _ string) error
+	DropTable(_ ...interface{}) error
+	DropView(_ string) error
+	FullDataTypeOf(_ interface{}) interface{}
+	GetIndexes(_ interface{}) ([]Index, error)
+	GetTables() ([]string, error)
+	GetTypeAliases(_ string) []string
+	HasColumn(_ interface{}, _ string) bool
+	HasConstraint(_ interface{}, _ string) bool
+	HasIndex(_ interface{}, _ string) bool
+	HasTable(_ interface{}) bool
+	MigrateColumn(_ interface{}, _ interface{}, _ ColumnType) error
+	MigrateColumnUnique(_ interface{}, _ interface{}, _ ColumnType) error
+	RenameColumn(_ interface{}, _ string, _ string) error
+	RenameIndex(_ interface{}, _ string, _ string) error
+	RenameTable(_ interface{}, _ interface{}) error
+	TableType(_ interface{}) (TableType, error)
+}
+
+type Plugin interface {
+	Initialize(_ *DB) error
+	Name() string
+}
+
+type Session struct {
+	DryRun                   bool
+	PrepareStmt              bool
+	NewDB                    bool
+	Initialized              bool
+	SkipHooks                bool
+	SkipDefaultTransaction   bool
+	DisableNestedTransaction bool
+	AllowGlobalUpdate        bool
+	FullSaveAssociations     bool
+	PropagateUnscoped        bool
+	QueryFields              bool
+	Context                  context.Context
+	Logger                   interface{}
+	NowFunc                  func() time.Time
+	CreateBatchSize          int
+}
+
+type Statement struct {
+	*DB
+	TableExpr            interface{}
+	Table                string
+	Model                interface{}
+	Unscoped             bool
+	Dest                 interface{}
+	ReflectValue         reflect.Value
+	Clauses              map[string]interface{}
+	BuildClauses         []string
+	Distinct             bool
+	Selects              []string
+	Omits                []string
+	ColumnMapping        map[string]string
+	Joins                []interface{}
+	Preloads             map[string][]interface{}
+	Settings             sync.Map
+	ConnPool             ConnPool
+	Schema               interface{}
+	Context              context.Context
+	RaiseErrorOnNotFound bool
+	SkipHooks            bool
+	SQL                  strings.Builder
+	Vars                 []interface{}
+	CurDestIndex         int
+}
+
+func (_ Statement) AddError(_ error) error {
+	return nil
+}
+
+func (_ Statement) AfterInitialize(_ *DB) error {
+	return nil
+}
+
+func (_ Statement) Apply(_ *Config) error {
+	return nil
+}
+
+func (_ Statement) Assign(_ ...interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) Association(_ string) *Association {
+	return nil
+}
+
+func (_ Statement) Attrs(_ ...interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) AutoMigrate(_ ...interface{}) error {
+	return nil
+}
+
+func (_ Statement) Begin(_ ...*sql.TxOptions) *DB {
+	return nil
+}
+
+func (_ Statement) BindVarTo(_ interface{}, _ *Statement, _ interface{}) {}
+
+func (_ Statement) Callback() interface{} {
+	return nil
+}
+
+func (_ Statement) Commit() *DB {
+	return nil
+}
+
+func (_ Statement) Connection(_ func(*DB) error) error {
+	return nil
+}
+
+func (_ Statement) Count(_ *int64) *DB {
+	return nil
+}
+
+func (_ Statement) Create(_ interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) CreateInBatches(_ interface{}, _ int) *DB {
+	return nil
+}
+
+func (_ Statement) DataTypeOf(_ interface{}) string {
+	return ""
+}
+
+func (_ Statement) Debug() *DB {
+	return nil
+}
+
+func (_ Statement) DefaultValueOf(_ interface{}) interface{} {
+	return nil
+}
+
+func (_ Statement) Delete(_ interface{}, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) Exec(_ string, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) Explain(_ string, _ ...interface{}) string {
+	return ""
+}
+
+func (_ Statement) Find(_ interface{}, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) FindInBatches(_ interface{}, _ int, _ func(*DB, int) error) *DB {
+	return nil
+}
+
+func (_ Statement) First(_ interface{}, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) FirstOrCreate(_ interface{}, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) FirstOrInit(_ interface{}, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) Get(_ string) (interface{}, bool) {
+	return nil, false
+}
+
+func (_ Statement) Group(_ string) *DB {
+	return nil
+}
+
+func (_ Statement) Having(_ interface{}, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) Initialize(_ *DB) error {
+	return nil
+}
+
+func (_ Statement) InnerJoins(_ string, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) InstanceGet(_ string) (interface{}, bool) {
+	return nil, false
+}
+
+func (_ Statement) InstanceSet(_ string, _ interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) Last(_ interface{}, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) Limit(_ int) *DB {
+	return nil
+}
+
+func (_ Statement) MapColumns(_ map[string]string) *DB {
+	return nil
+}
+
+func (_ Statement) Migrator() Migrator {
+	return nil
+}
+
+func (_ Statement) Name() string {
+	return ""
+}
+
+func (_ Statement) Not(_ interface{}, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) Offset(_ int) *DB {
+	return nil
+}
+
+func (_ Statement) Omit(_ ...string) *DB {
+	return nil
+}
+
+func (_ Statement) Or(_ interface{}, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) Order(_ interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) Pluck(_ string, _ interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) Preload(_ string, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) Raw(_ string, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) Rollback() *DB {
+	return nil
+}
+
+func (_ Statement) RollbackTo(_ string) *DB {
+	return nil
+}
+
+func (_ Statement) Row() *sql.Row {
+	return nil
+}
+
+func (_ Statement) Rows() (*sql.Rows, error) {
+	return nil, nil
+}
+
+func (_ Statement) Save(_ interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) SavePoint(_ string) *DB {
+	return nil
+}
+
+func (_ Statement) Scan(_ interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) ScanRows(_ *sql.Rows, _ interface{}) error {
+	return nil
+}
+
+func (_ Statement) Scopes(_ ...func(*DB) *DB) *DB {
+	return nil
+}
+
+func (_ Statement) Select(_ interface{}, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) Session(_ *Session) *DB {
+	return nil
+}
+
+func (_ Statement) Set(_ string, _ interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) SetupJoinTable(_ interface{}, _ string, _ interface{}) error {
+	return nil
+}
+
+func (_ Statement) Take(_ interface{}, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) ToSQL(_ func(*DB) *DB) string {
+	return ""
+}
+
+func (_ Statement) Transaction(_ func(*DB) error, _ ...*sql.TxOptions) error {
+	return nil
+}
+
+func (_ Statement) Update(_ string, _ interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) UpdateColumn(_ string, _ interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) UpdateColumns(_ interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) Updates(_ interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) Use(_ Plugin) error {
+	return nil
+}
+
+func (_ Statement) Where(_ interface{}, _ ...interface{}) *DB {
+	return nil
+}
+
+func (_ Statement) WithContext(_ context.Context) *DB {
+	return nil
+}
+
+func (_ *Statement) AddClause(_ interface{}) {}
+
+func (_ *Statement) AddClauseIfNotExists(_ interface{}) {}
+
+func (_ *Statement) AddVar(_ interface{}, _ ...interface{}) {}
+
+func (_ *Statement) Build(_ ...string) {}
+
+func (_ *Statement) BuildCondition(_ interface{}, _ ...interface{}) []interface{} {
+	return nil
+}
+
+func (_ *Statement) Changed(_ ...string) bool {
+	return false
+}
+
+func (_ *Statement) Parse(_ interface{}) error {
+	return nil
+}
+
+func (_ *Statement) ParseWithSpecialTableName(_ interface{}, _ string) error {
+	return nil
+}
+
+func (_ *Statement) Quote(_ interface{}) string {
+	return ""
+}
+
+func (_ *Statement) QuoteTo(_ interface{}, _ interface{}) {}
+
+func (_ *Statement) SelectAndOmitColumns(_ bool, _ bool) (map[string]bool, bool) {
+	return nil, false
+}
+
+func (_ *Statement) SetColumn(_ string, _ interface{}, _ ...bool) {}
+
+func (_ *Statement) WriteByte(_ byte) error {
+	return nil
+}
+
+func (_ *Statement) WriteQuoted(_ interface{}) {}
+
+func (_ *Statement) WriteString(_ string) (int, error) {
+	return 0, nil
+}
+
+type TableType interface {
+	Comment() (string, bool)
+	Name() string
+	Schema() string
+	Type() string
+}
+
+type ViewOption struct {
+	Replace     bool
+	CheckOption string
+	Query       *DB
+}

go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt

@@ -1,9 +1,144 @@
-# gorm.io/gorm v1.23.0
+# github.com/astaxie/beego v1.12.3
 ## explicit
-gorm.io/gorm
+github.com/astaxie/beego/orm
+# github.com/beego/beego/v2 v2.3.5
+## explicit
+github.com/beego/beego/v2/client/orm
+# github.com/couchbase/gocb v1.6.7
+## explicit
+github.com/couchbase/gocb
+# github.com/couchbase/gocb/v2 v2.9.4
+## explicit
+github.com/couchbase/gocb/v2
 # github.com/jmoiron/sqlx v1.4.0
 ## explicit
 github.com/jmoiron/sqlx
-# go.mongodb.org/mongo-driver/mongo v1.17.2
+# github.com/rqlite/gorqlite v0.0.0-20250128004930-114c7828b55a
+## explicit
+github.com/rqlite/gorqlite
+# go.mongodb.org/mongo-driver v1.17.3
 ## explicit
 go.mongodb.org/mongo-driver/mongo
+# gorm.io/gorm v1.25.12
+## explicit
+gorm.io/gorm
+# github.com/couchbase/gocbcore/v10 v10.5.4
+## explicit
+github.com/couchbase/gocbcore/v10
+# github.com/couchbase/gocbcoreps v0.1.3
+## explicit
+github.com/couchbase/gocbcoreps
+# github.com/couchbase/goprotostellar v1.0.2
+## explicit
+github.com/couchbase/goprotostellar
+# github.com/couchbaselabs/gocbconnstr/v2 v2.0.0-20240607131231-fb385523de28
+## explicit
+github.com/couchbaselabs/gocbconnstr/v2
+# github.com/go-logr/logr v1.4.1
+## explicit
+github.com/go-logr/logr
+# github.com/go-logr/stdr v1.2.2
+## explicit
+github.com/go-logr/stdr
+# github.com/golang/snappy v0.0.4
+## explicit
+github.com/golang/snappy
+# github.com/google/uuid v1.6.0
+## explicit
+github.com/google/uuid
+# github.com/grpc-ecosystem/go-grpc-middleware v1.4.0
+## explicit
+github.com/grpc-ecosystem/go-grpc-middleware
+# github.com/hashicorp/golang-lru v0.5.4
+## explicit
+github.com/hashicorp/golang-lru
+# github.com/jinzhu/inflection v1.0.0
+## explicit
+github.com/jinzhu/inflection
+# github.com/jinzhu/now v1.1.5
+## explicit
+github.com/jinzhu/now
+# github.com/klauspost/compress v1.16.7
+## explicit
+github.com/klauspost/compress
+# github.com/montanaflynn/stats v0.7.1
+## explicit
+github.com/montanaflynn/stats
+# github.com/opentracing/opentracing-go v1.2.0
+## explicit
+github.com/opentracing/opentracing-go
+# github.com/pkg/errors v0.9.1
+## explicit
+github.com/pkg/errors
+# github.com/shiena/ansicolor v0.0.0-20200904210342-c7312218db18
+## explicit
+github.com/shiena/ansicolor
+# github.com/valyala/bytebufferpool v1.0.0
+## explicit
+github.com/valyala/bytebufferpool
+# github.com/xdg-go/pbkdf2 v1.0.0
+## explicit
+github.com/xdg-go/pbkdf2
+# github.com/xdg-go/scram v1.1.2
+## explicit
+github.com/xdg-go/scram
+# github.com/xdg-go/stringprep v1.0.4
+## explicit
+github.com/xdg-go/stringprep
+# github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78
+## explicit
+github.com/youmark/pkcs8
+# go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0
+## explicit
+go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
+# go.opentelemetry.io/otel v1.24.0
+## explicit
+go.opentelemetry.io/otel
+# go.opentelemetry.io/otel/metric v1.24.0
+## explicit
+go.opentelemetry.io/otel/metric
+# go.opentelemetry.io/otel/trace v1.24.0
+## explicit
+go.opentelemetry.io/otel/trace
+# go.uber.org/multierr v1.11.0
+## explicit
+go.uber.org/multierr
+# go.uber.org/zap v1.27.0
+## explicit
+go.uber.org/zap
+# golang.org/x/crypto v0.26.0
+## explicit
+golang.org/x/crypto
+# golang.org/x/net v0.24.0
+## explicit
+golang.org/x/net
+# golang.org/x/sync v0.8.0
+## explicit
+golang.org/x/sync
+# golang.org/x/sys v0.23.0
+## explicit
+golang.org/x/sys
+# golang.org/x/text v0.17.0
+## explicit
+golang.org/x/text
+# google.golang.org/genproto/googleapis/rpc v0.0.0-20240401170217-c3f982113cda
+## explicit
+google.golang.org/genproto/googleapis/rpc
+# google.golang.org/grpc v1.63.2
+## explicit
+google.golang.org/grpc
+# google.golang.org/protobuf v1.34.2
+## explicit
+google.golang.org/protobuf
+# gopkg.in/couchbase/gocbcore.v7 v7.1.18
+## explicit
+gopkg.in/couchbase/gocbcore.v7
+# gopkg.in/couchbaselabs/gocbconnstr.v1 v1.0.4
+## explicit
+gopkg.in/couchbaselabs/gocbconnstr.v1
+# gopkg.in/couchbaselabs/gojcbmock.v1 v1.0.4
+## explicit
+gopkg.in/couchbaselabs/gojcbmock.v1
+# gopkg.in/couchbaselabs/jsonx.v1 v1.0.1
+## explicit
+gopkg.in/couchbaselabs/jsonx.v1

go/ql/test/query-tests/Security/CWE-117/LogInjection.go

@@ -30,52 +30,54 @@ import (
 
 func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 	username := req.URL.Query()["username"][0]
-	slice := []any{"username", username}
+	password := req.URL.Query()["password"][0]
+	formatString := req.URL.Query()["formatString"][0]
 	testFlag := req.URL.Query()["testFlag"][0]
+	slice := []any{"username", username}
 
 	{
-		fmt.Print(username)       // $ hasTaintFlow="username"
-		fmt.Printf(username)      // $ hasTaintFlow="username"
-		fmt.Println(username)     // $ hasTaintFlow="username"
-		fmt.Fprint(nil, username) // Fprint functions are only loggers if they target stdout/stderr
-		fmt.Fprintf(nil, username)
-		fmt.Fprintln(nil, username)
+		fmt.Print(username, password)                // $ hasTaintFlow="username" hasTaintFlow="password"
+		fmt.Printf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
+		fmt.Println(username, password)              // $ hasTaintFlow="username" hasTaintFlow="password"
+		fmt.Fprint(nil, username, password)          // Fprint functions are only loggers if they target stdout/stderr
+		fmt.Fprintf(nil, formatString, username, password)
+		fmt.Fprintln(nil, username, password)
 	}
 	// log
 	{
-		log.Print("user %s logged in.\n", username)   // $ hasTaintFlow="username"
-		log.Printf("user %s logged in.\n", username)  // $ hasTaintFlow="username"
-		log.Println("user %s logged in.\n", username) // $ hasTaintFlow="username"
+		log.Print("user is logged in:", username, password)   // $ hasTaintFlow="username" hasTaintFlow="password"
+		log.Printf(formatString, username, password)          // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
+		log.Println("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
 
 		if testFlag == "true" {
-			log.Fatal("user %s logged in.\n", username) // $ hasTaintFlow="username"
+			log.Fatal("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
 		}
 		if testFlag == "true" {
-			log.Fatalf("user %s logged in.\n", username) // $ hasTaintFlow="username"
+			log.Fatalf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
 		}
 		if testFlag == "true" {
-			log.Fatalln("user %s logged in.\n", username) // $ hasTaintFlow="username"
+			log.Fatalln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
 		}
 		if testFlag == "true" {
-			log.Panic("user %s logged in.\n", username) // $ hasTaintFlow="username"
+			log.Panic("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
 		}
 		if testFlag == "true" {
-			log.Panicf("user %s logged in.\n", username) // $ hasTaintFlow="username"
+			log.Panicf(formatString, username, password) // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
 		}
 		if testFlag == "true" {
-			log.Panicln("user %s logged in.\n", username) // $ hasTaintFlow="username"
+			log.Panicln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
 		}
 
 		logger := log.Default()
-		logger.Print("user %s logged in.\n", username)   // $ hasTaintFlow="username"
-		logger.Printf("user %s logged in.\n", username)  // $ hasTaintFlow="username"
-		logger.Println("user %s logged in.\n", username) // $ hasTaintFlow="username"
-		logger.Fatal("user %s logged in.\n", username)   // $ hasTaintFlow="username"
-		logger.Fatalf("user %s logged in.\n", username)  // $ hasTaintFlow="username"
-		logger.Fatalln("user %s logged in.\n", username) // $ hasTaintFlow="username"
-		logger.Panic("user %s logged in.\n", username)   // $ hasTaintFlow="username"
-		logger.Panicf("user %s logged in.\n", username)  // $ hasTaintFlow="username"
-		logger.Panicln("user %s logged in.\n", username) // $ hasTaintFlow="username"
+		logger.Print("user is logged in:", username, password)   // $ hasTaintFlow="username" hasTaintFlow="password"
+		logger.Printf(formatString, username, password)          // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
+		logger.Println("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
+		logger.Fatal("user is logged in:", username, password)   // $ hasTaintFlow="username" hasTaintFlow="password"
+		logger.Fatalf(formatString, username, password)          // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
+		logger.Fatalln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
+		logger.Panic("user is logged in:", username, password)   // $ hasTaintFlow="username" hasTaintFlow="password"
+		logger.Panicf(formatString, username, password)          // $ hasTaintFlow="formatString" hasTaintFlow="username" hasTaintFlow="password"
+		logger.Panicln("user is logged in:", username, password) // $ hasTaintFlow="username" hasTaintFlow="password"
 	}
 	// k8s.io/klog
 	{
@@ -421,7 +423,6 @@ func handler(req *http.Request, ctx *goproxy.ProxyCtx) {
 		simpleLogger.Tracew("%s", username)    // $ hasTaintFlow="username"
 		simpleLogger.Debugw("%s %s", slice...) // $ hasTaintFlow="slice"
 	}
-
 }
 
 type Logger interface {
@@ -514,8 +515,12 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		verbose.Infof("user %q logged in.\n", username)
 		klog.Infof("user %q logged in.\n", username)
 		klog.Errorf("user %q logged in.\n", username)
-		klog.Fatalf("user %q logged in.\n", username)
-		klog.Exitf("user %q logged in.\n", username)
+		if testFlag == " true" {
+			klog.Fatalf("user %q logged in.\n", username)
+		}
+		if testFlag == " true" {
+			klog.Exitf("user %q logged in.\n", username)
+		}
 	}
 	// elazarl/goproxy
 	{
@@ -529,16 +534,24 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 
 		glog.Infof("user %q logged in.\n", username)
 		glog.Errorf("user %q logged in.\n", username)
-		glog.Fatalf("user %q logged in.\n", username)
-		glog.Exitf("user %q logged in.\n", username)
+		if testFlag == " true" {
+			glog.Fatalf("user %q logged in.\n", username)
+		}
+		if testFlag == " true" {
+			glog.Exitf("user %q logged in.\n", username)
+		}
 	}
 	// sirupsen/logrus
 	{
 		logrus.Debugf("user %q logged in.\n", username)
 		logrus.Errorf("user %q logged in.\n", username)
-		logrus.Fatalf("user %q logged in.\n", username)
+		if testFlag == " true" {
+			logrus.Fatalf("user %q logged in.\n", username)
+		}
 		logrus.Infof("user %q logged in.\n", username)
-		logrus.Panicf("user %q logged in.\n", username)
+		if testFlag == " true" {
+			logrus.Panicf("user %q logged in.\n", username)
+		}
 		logrus.Printf("user %q logged in.\n", username)
 		logrus.Tracef("user %q logged in.\n", username)
 		logrus.Warnf("user %q logged in.\n", username)
@@ -548,10 +561,14 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		entry := logrus.WithFields(fields)
 		entry.Debugf("user %q logged in.\n", username)
 		entry.Errorf("user %q logged in.\n", username)
-		entry.Fatalf("user %q logged in.\n", username)
+		if testFlag == " true" {
+			entry.Fatalf("user %q logged in.\n", username)
+		}
 		entry.Infof("user %q logged in.\n", username)
 		entry.Logf(0, "user %q logged in.\n", username)
-		entry.Panicf("user %q logged in.\n", username)
+		if testFlag == " true" {
+			entry.Panicf("user %q logged in.\n", username)
+		}
 		entry.Printf("user %q logged in.\n", username)
 		entry.Tracef("user %q logged in.\n", username)
 		entry.Warnf("user %q logged in.\n", username)
@@ -560,10 +577,14 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		logger := entry.Logger
 		logger.Debugf("user %q logged in.\n", username)
 		logger.Errorf("user %q logged in.\n", username)
-		logger.Fatalf("user %q logged in.\n", username)
+		if testFlag == " true" {
+			logger.Fatalf("user %q logged in.\n", username)
+		}
 		logger.Infof("user %q logged in.\n", username)
 		logger.Logf(0, "user %q logged in.\n", username)
-		logger.Panicf("user %q logged in.\n", username)
+		if testFlag == " true" {
+			logger.Panicf("user %q logged in.\n", username)
+		}
 		logger.Printf("user %q logged in.\n", username)
 		logger.Tracef("user %q logged in.\n", username)
 		logger.Warnf("user %q logged in.\n", username)
@@ -599,8 +620,12 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		verbose.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 		klog.Infof("user %#q logged in.\n", username)    // $ hasTaintFlow="username"
 		klog.Errorf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
-		klog.Fatalf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
-		klog.Exitf("user %#q logged in.\n", username)    // $ hasTaintFlow="username"
+		if testFlag == " true" {
+			klog.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
+		}
+		if testFlag == " true" {
+			klog.Exitf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
+		}
 	}
 	// elazarl/goproxy
 	{
@@ -614,16 +639,24 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 
 		glog.Infof("user %#q logged in.\n", username)  // $ hasTaintFlow="username"
 		glog.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
-		glog.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
-		glog.Exitf("user %#q logged in.\n", username)  // $ hasTaintFlow="username"
+		if testFlag == " true" {
+			glog.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
+		}
+		if testFlag == " true" {
+			glog.Exitf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
+		}
 	}
 	// sirupsen/logrus
 	{
-		logrus.Debugf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
-		logrus.Errorf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
-		logrus.Fatalf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
-		logrus.Infof("user %#q logged in.\n", username)    // $ hasTaintFlow="username"
-		logrus.Panicf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
+		logrus.Debugf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
+		logrus.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
+		if testFlag == " true" {
+			logrus.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
+		}
+		logrus.Infof("user %#q logged in.\n", username) // $ hasTaintFlow="username"
+		if testFlag == " true" {
+			logrus.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
+		}
 		logrus.Printf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
 		logrus.Tracef("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
 		logrus.Warnf("user %#q logged in.\n", username)    // $ hasTaintFlow="username"
@@ -631,24 +664,32 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 
 		fields := make(logrus.Fields)
 		entry := logrus.WithFields(fields)
-		entry.Debugf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
-		entry.Errorf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
-		entry.Fatalf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
-		entry.Infof("user %#q logged in.\n", username)    // $ hasTaintFlow="username"
-		entry.Logf(0, "user %#q logged in.\n", username)  // $ hasTaintFlow="username"
-		entry.Panicf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
+		entry.Debugf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
+		entry.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
+		if testFlag == " true" {
+			entry.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
+		}
+		entry.Infof("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
+		entry.Logf(0, "user %#q logged in.\n", username) // $ hasTaintFlow="username"
+		if testFlag == " true" {
+			entry.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
+		}
 		entry.Printf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
 		entry.Tracef("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
 		entry.Warnf("user %#q logged in.\n", username)    // $ hasTaintFlow="username"
 		entry.Warningf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 
 		logger := entry.Logger
-		logger.Debugf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
-		logger.Errorf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
-		logger.Fatalf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
-		logger.Infof("user %#q logged in.\n", username)    // $ hasTaintFlow="username"
-		logger.Logf(0, "user %#q logged in.\n", username)  // $ hasTaintFlow="username"
-		logger.Panicf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
+		logger.Debugf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
+		logger.Errorf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
+		if testFlag == " true" {
+			logger.Fatalf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
+		}
+		logger.Infof("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
+		logger.Logf(0, "user %#q logged in.\n", username) // $ hasTaintFlow="username"
+		if testFlag == " true" {
+			logger.Panicf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
+		}
 		logger.Printf("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
 		logger.Tracef("user %#q logged in.\n", username)   // $ hasTaintFlow="username"
 		logger.Warnf("user %#q logged in.\n", username)    // $ hasTaintFlow="username"
@@ -677,3 +718,9 @@ func handlerGood4(req *http.Request, ctx *goproxy.ProxyCtx) {
 		sLogger.Warnf("user %#q logged in.\n", username) // $ hasTaintFlow="username"
 	}
 }
+
+// GOOD: User-provided values formatted using a %T directive, which prints the type of the argument
+func handlerGood5(req *http.Request) {
+	object := req.URL.Query()["username"][0]
+	log.Printf("found object of type %T.\n", object)
+}

go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected

@@ -1,35 +1,35 @@
 #select
-| klog.go:22:15:22:20 | header | klog.go:20:30:20:37 | selection of Header | klog.go:22:15:22:20 | header | $@ flows to a logging call. | klog.go:20:30:20:37 | selection of Header | Sensitive data returned by HTTP request headers |
-| klog.go:28:13:28:41 | call to Get | klog.go:28:13:28:20 | selection of Header | klog.go:28:13:28:41 | call to Get | $@ flows to a logging call. | klog.go:28:13:28:20 | selection of Header | Sensitive data returned by HTTP request headers |
-| main.go:15:12:15:19 | password | main.go:15:12:15:19 | password | main.go:15:12:15:19 | password | $@ flows to a logging call. | main.go:15:12:15:19 | password | Sensitive data returned by an access to password |
-| main.go:16:17:16:24 | password | main.go:16:17:16:24 | password | main.go:16:17:16:24 | password | $@ flows to a logging call. | main.go:16:17:16:24 | password | Sensitive data returned by an access to password |
-| main.go:17:13:17:20 | password | main.go:17:13:17:20 | password | main.go:17:13:17:20 | password | $@ flows to a logging call. | main.go:17:13:17:20 | password | Sensitive data returned by an access to password |
-| main.go:18:14:18:21 | password | main.go:18:14:18:21 | password | main.go:18:14:18:21 | password | $@ flows to a logging call. | main.go:18:14:18:21 | password | Sensitive data returned by an access to password |
-| main.go:19:12:19:19 | password | main.go:19:12:19:19 | password | main.go:19:12:19:19 | password | $@ flows to a logging call. | main.go:19:12:19:19 | password | Sensitive data returned by an access to password |
-| main.go:20:17:20:24 | password | main.go:20:17:20:24 | password | main.go:20:17:20:24 | password | $@ flows to a logging call. | main.go:20:17:20:24 | password | Sensitive data returned by an access to password |
-| main.go:21:13:21:20 | password | main.go:21:13:21:20 | password | main.go:21:13:21:20 | password | $@ flows to a logging call. | main.go:21:13:21:20 | password | Sensitive data returned by an access to password |
-| main.go:22:14:22:21 | password | main.go:22:14:22:21 | password | main.go:22:14:22:21 | password | $@ flows to a logging call. | main.go:22:14:22:21 | password | Sensitive data returned by an access to password |
-| main.go:23:12:23:19 | password | main.go:23:12:23:19 | password | main.go:23:12:23:19 | password | $@ flows to a logging call. | main.go:23:12:23:19 | password | Sensitive data returned by an access to password |
-| main.go:24:17:24:24 | password | main.go:24:17:24:24 | password | main.go:24:17:24:24 | password | $@ flows to a logging call. | main.go:24:17:24:24 | password | Sensitive data returned by an access to password |
-| main.go:25:13:25:20 | password | main.go:25:13:25:20 | password | main.go:25:13:25:20 | password | $@ flows to a logging call. | main.go:25:13:25:20 | password | Sensitive data returned by an access to password |
-| main.go:26:14:26:21 | password | main.go:26:14:26:21 | password | main.go:26:14:26:21 | password | $@ flows to a logging call. | main.go:26:14:26:21 | password | Sensitive data returned by an access to password |
-| main.go:27:16:27:23 | password | main.go:27:16:27:23 | password | main.go:27:16:27:23 | password | $@ flows to a logging call. | main.go:27:16:27:23 | password | Sensitive data returned by an access to password |
-| main.go:30:10:30:17 | password | main.go:30:10:30:17 | password | main.go:30:10:30:17 | password | $@ flows to a logging call. | main.go:30:10:30:17 | password | Sensitive data returned by an access to password |
-| main.go:31:15:31:22 | password | main.go:31:15:31:22 | password | main.go:31:15:31:22 | password | $@ flows to a logging call. | main.go:31:15:31:22 | password | Sensitive data returned by an access to password |
-| main.go:32:11:32:18 | password | main.go:32:11:32:18 | password | main.go:32:11:32:18 | password | $@ flows to a logging call. | main.go:32:11:32:18 | password | Sensitive data returned by an access to password |
-| main.go:33:12:33:19 | password | main.go:33:12:33:19 | password | main.go:33:12:33:19 | password | $@ flows to a logging call. | main.go:33:12:33:19 | password | Sensitive data returned by an access to password |
-| main.go:34:10:34:17 | password | main.go:34:10:34:17 | password | main.go:34:10:34:17 | password | $@ flows to a logging call. | main.go:34:10:34:17 | password | Sensitive data returned by an access to password |
-| main.go:35:15:35:22 | password | main.go:35:15:35:22 | password | main.go:35:15:35:22 | password | $@ flows to a logging call. | main.go:35:15:35:22 | password | Sensitive data returned by an access to password |
-| main.go:36:11:36:18 | password | main.go:36:11:36:18 | password | main.go:36:11:36:18 | password | $@ flows to a logging call. | main.go:36:11:36:18 | password | Sensitive data returned by an access to password |
-| main.go:37:12:37:19 | password | main.go:37:12:37:19 | password | main.go:37:12:37:19 | password | $@ flows to a logging call. | main.go:37:12:37:19 | password | Sensitive data returned by an access to password |
-| main.go:38:10:38:17 | password | main.go:38:10:38:17 | password | main.go:38:10:38:17 | password | $@ flows to a logging call. | main.go:38:10:38:17 | password | Sensitive data returned by an access to password |
-| main.go:39:15:39:22 | password | main.go:39:15:39:22 | password | main.go:39:15:39:22 | password | $@ flows to a logging call. | main.go:39:15:39:22 | password | Sensitive data returned by an access to password |
-| main.go:40:11:40:18 | password | main.go:40:11:40:18 | password | main.go:40:11:40:18 | password | $@ flows to a logging call. | main.go:40:11:40:18 | password | Sensitive data returned by an access to password |
-| main.go:41:12:41:19 | password | main.go:41:12:41:19 | password | main.go:41:12:41:19 | password | $@ flows to a logging call. | main.go:41:12:41:19 | password | Sensitive data returned by an access to password |
-| main.go:42:14:42:21 | password | main.go:42:14:42:21 | password | main.go:42:14:42:21 | password | $@ flows to a logging call. | main.go:42:14:42:21 | password | Sensitive data returned by an access to password |
-| main.go:44:12:44:19 | password | main.go:44:12:44:19 | password | main.go:44:12:44:19 | password | $@ flows to a logging call. | main.go:44:12:44:19 | password | Sensitive data returned by an access to password |
-| main.go:45:17:45:24 | password | main.go:45:17:45:24 | password | main.go:45:17:45:24 | password | $@ flows to a logging call. | main.go:45:17:45:24 | password | Sensitive data returned by an access to password |
-| main.go:52:35:52:42 | password | main.go:52:35:52:42 | password | main.go:52:35:52:42 | password | $@ flows to a logging call. | main.go:52:35:52:42 | password | Sensitive data returned by an access to password |
+| klog.go:23:15:23:20 | header | klog.go:21:30:21:37 | selection of Header | klog.go:23:15:23:20 | header | $@ flows to a logging call. | klog.go:21:30:21:37 | selection of Header | Sensitive data returned by HTTP request headers |
+| klog.go:29:13:29:41 | call to Get | klog.go:29:13:29:20 | selection of Header | klog.go:29:13:29:41 | call to Get | $@ flows to a logging call. | klog.go:29:13:29:20 | selection of Header | Sensitive data returned by HTTP request headers |
+| main.go:16:12:16:19 | password | main.go:16:12:16:19 | password | main.go:16:12:16:19 | password | $@ flows to a logging call. | main.go:16:12:16:19 | password | Sensitive data returned by an access to password |
+| main.go:17:19:17:26 | password | main.go:17:19:17:26 | password | main.go:17:19:17:26 | password | $@ flows to a logging call. | main.go:17:19:17:26 | password | Sensitive data returned by an access to password |
+| main.go:18:13:18:20 | password | main.go:18:13:18:20 | password | main.go:18:13:18:20 | password | $@ flows to a logging call. | main.go:18:13:18:20 | password | Sensitive data returned by an access to password |
+| main.go:19:14:19:21 | password | main.go:19:14:19:21 | password | main.go:19:14:19:21 | password | $@ flows to a logging call. | main.go:19:14:19:21 | password | Sensitive data returned by an access to password |
+| main.go:20:12:20:19 | password | main.go:20:12:20:19 | password | main.go:20:12:20:19 | password | $@ flows to a logging call. | main.go:20:12:20:19 | password | Sensitive data returned by an access to password |
+| main.go:21:19:21:26 | password | main.go:21:19:21:26 | password | main.go:21:19:21:26 | password | $@ flows to a logging call. | main.go:21:19:21:26 | password | Sensitive data returned by an access to password |
+| main.go:22:13:22:20 | password | main.go:22:13:22:20 | password | main.go:22:13:22:20 | password | $@ flows to a logging call. | main.go:22:13:22:20 | password | Sensitive data returned by an access to password |
+| main.go:23:14:23:21 | password | main.go:23:14:23:21 | password | main.go:23:14:23:21 | password | $@ flows to a logging call. | main.go:23:14:23:21 | password | Sensitive data returned by an access to password |
+| main.go:24:12:24:19 | password | main.go:24:12:24:19 | password | main.go:24:12:24:19 | password | $@ flows to a logging call. | main.go:24:12:24:19 | password | Sensitive data returned by an access to password |
+| main.go:25:19:25:26 | password | main.go:25:19:25:26 | password | main.go:25:19:25:26 | password | $@ flows to a logging call. | main.go:25:19:25:26 | password | Sensitive data returned by an access to password |
+| main.go:26:13:26:20 | password | main.go:26:13:26:20 | password | main.go:26:13:26:20 | password | $@ flows to a logging call. | main.go:26:13:26:20 | password | Sensitive data returned by an access to password |
+| main.go:27:14:27:21 | password | main.go:27:14:27:21 | password | main.go:27:14:27:21 | password | $@ flows to a logging call. | main.go:27:14:27:21 | password | Sensitive data returned by an access to password |
+| main.go:28:16:28:23 | password | main.go:28:16:28:23 | password | main.go:28:16:28:23 | password | $@ flows to a logging call. | main.go:28:16:28:23 | password | Sensitive data returned by an access to password |
+| main.go:32:10:32:17 | password | main.go:32:10:32:17 | password | main.go:32:10:32:17 | password | $@ flows to a logging call. | main.go:32:10:32:17 | password | Sensitive data returned by an access to password |
+| main.go:33:17:33:24 | password | main.go:33:17:33:24 | password | main.go:33:17:33:24 | password | $@ flows to a logging call. | main.go:33:17:33:24 | password | Sensitive data returned by an access to password |
+| main.go:34:11:34:18 | password | main.go:34:11:34:18 | password | main.go:34:11:34:18 | password | $@ flows to a logging call. | main.go:34:11:34:18 | password | Sensitive data returned by an access to password |
+| main.go:35:12:35:19 | password | main.go:35:12:35:19 | password | main.go:35:12:35:19 | password | $@ flows to a logging call. | main.go:35:12:35:19 | password | Sensitive data returned by an access to password |
+| main.go:36:10:36:17 | password | main.go:36:10:36:17 | password | main.go:36:10:36:17 | password | $@ flows to a logging call. | main.go:36:10:36:17 | password | Sensitive data returned by an access to password |
+| main.go:37:17:37:24 | password | main.go:37:17:37:24 | password | main.go:37:17:37:24 | password | $@ flows to a logging call. | main.go:37:17:37:24 | password | Sensitive data returned by an access to password |
+| main.go:38:11:38:18 | password | main.go:38:11:38:18 | password | main.go:38:11:38:18 | password | $@ flows to a logging call. | main.go:38:11:38:18 | password | Sensitive data returned by an access to password |
+| main.go:39:12:39:19 | password | main.go:39:12:39:19 | password | main.go:39:12:39:19 | password | $@ flows to a logging call. | main.go:39:12:39:19 | password | Sensitive data returned by an access to password |
+| main.go:40:10:40:17 | password | main.go:40:10:40:17 | password | main.go:40:10:40:17 | password | $@ flows to a logging call. | main.go:40:10:40:17 | password | Sensitive data returned by an access to password |
+| main.go:41:17:41:24 | password | main.go:41:17:41:24 | password | main.go:41:17:41:24 | password | $@ flows to a logging call. | main.go:41:17:41:24 | password | Sensitive data returned by an access to password |
+| main.go:42:11:42:18 | password | main.go:42:11:42:18 | password | main.go:42:11:42:18 | password | $@ flows to a logging call. | main.go:42:11:42:18 | password | Sensitive data returned by an access to password |
+| main.go:43:12:43:19 | password | main.go:43:12:43:19 | password | main.go:43:12:43:19 | password | $@ flows to a logging call. | main.go:43:12:43:19 | password | Sensitive data returned by an access to password |
+| main.go:44:14:44:21 | password | main.go:44:14:44:21 | password | main.go:44:14:44:21 | password | $@ flows to a logging call. | main.go:44:14:44:21 | password | Sensitive data returned by an access to password |
+| main.go:47:12:47:19 | password | main.go:47:12:47:19 | password | main.go:47:12:47:19 | password | $@ flows to a logging call. | main.go:47:12:47:19 | password | Sensitive data returned by an access to password |
+| main.go:48:17:48:24 | password | main.go:48:17:48:24 | password | main.go:48:17:48:24 | password | $@ flows to a logging call. | main.go:48:17:48:24 | password | Sensitive data returned by an access to password |
+| main.go:55:35:55:42 | password | main.go:55:35:55:42 | password | main.go:55:35:55:42 | password | $@ flows to a logging call. | main.go:55:35:55:42 | password | Sensitive data returned by an access to password |
 | overrides.go:13:14:13:23 | call to String | overrides.go:9:9:9:16 | password | overrides.go:13:14:13:23 | call to String | $@ flows to a logging call. | overrides.go:9:9:9:16 | password | Sensitive data returned by an access to password |
 | passwords.go:9:14:9:14 | x | passwords.go:30:8:30:15 | password | passwords.go:9:14:9:14 | x | $@ flows to a logging call. | passwords.go:30:8:30:15 | password | Sensitive data returned by an access to password |
 | passwords.go:25:14:25:21 | password | passwords.go:25:14:25:21 | password | passwords.go:25:14:25:21 | password | $@ flows to a logging call. | passwords.go:25:14:25:21 | password | Sensitive data returned by an access to password |
@@ -55,11 +55,11 @@
 | passwords.go:127:14:127:21 | selection of y | passwords.go:122:13:122:25 | call to getPassword | passwords.go:127:14:127:21 | selection of y | $@ flows to a logging call. | passwords.go:122:13:122:25 | call to getPassword | Sensitive data returned by a call to getPassword |
 | protobuf.go:14:14:14:35 | call to GetDescription | protobuf.go:12:22:12:29 | password | protobuf.go:14:14:14:35 | call to GetDescription | $@ flows to a logging call. | protobuf.go:12:22:12:29 | password | Sensitive data returned by an access to password |
 edges
-| klog.go:20:3:25:3 | range statement[1] | klog.go:21:27:21:33 | headers | provenance |  |
-| klog.go:20:30:20:37 | selection of Header | klog.go:20:3:25:3 | range statement[1] | provenance | Src:MaD:1 Config |
-| klog.go:21:4:24:4 | range statement[1] | klog.go:22:15:22:20 | header | provenance |  |
-| klog.go:21:27:21:33 | headers | klog.go:21:4:24:4 | range statement[1] | provenance | Config |
-| klog.go:28:13:28:20 | selection of Header | klog.go:28:13:28:41 | call to Get | provenance | Src:MaD:1 Config |
+| klog.go:21:3:26:3 | range statement[1] | klog.go:22:27:22:33 | headers | provenance |  |
+| klog.go:21:30:21:37 | selection of Header | klog.go:21:3:26:3 | range statement[1] | provenance | Src:MaD:1 Config |
+| klog.go:22:4:25:4 | range statement[1] | klog.go:23:15:23:20 | header | provenance |  |
+| klog.go:22:27:22:33 | headers | klog.go:22:4:25:4 | range statement[1] | provenance | Config |
+| klog.go:29:13:29:20 | selection of Header | klog.go:29:13:29:41 | call to Get | provenance | Src:MaD:1 Config |
 | overrides.go:9:9:9:16 | password | overrides.go:13:14:13:23 | call to String | provenance |  |
 | passwords.go:8:12:8:12 | definition of x | passwords.go:9:14:9:14 | x | provenance |  |
 | passwords.go:30:8:30:15 | password | passwords.go:8:12:8:12 | definition of x | provenance |  |
@@ -101,42 +101,42 @@ edges
 models
 | 1 | Source: net/http; Request; true; Header; ; ; ; remote; manual |
 nodes
-| klog.go:20:3:25:3 | range statement[1] | semmle.label | range statement[1] |
-| klog.go:20:30:20:37 | selection of Header | semmle.label | selection of Header |
-| klog.go:21:4:24:4 | range statement[1] | semmle.label | range statement[1] |
-| klog.go:21:27:21:33 | headers | semmle.label | headers |
-| klog.go:22:15:22:20 | header | semmle.label | header |
-| klog.go:28:13:28:20 | selection of Header | semmle.label | selection of Header |
-| klog.go:28:13:28:41 | call to Get | semmle.label | call to Get |
-| main.go:15:12:15:19 | password | semmle.label | password |
-| main.go:16:17:16:24 | password | semmle.label | password |
-| main.go:17:13:17:20 | password | semmle.label | password |
-| main.go:18:14:18:21 | password | semmle.label | password |
-| main.go:19:12:19:19 | password | semmle.label | password |
-| main.go:20:17:20:24 | password | semmle.label | password |
-| main.go:21:13:21:20 | password | semmle.label | password |
-| main.go:22:14:22:21 | password | semmle.label | password |
-| main.go:23:12:23:19 | password | semmle.label | password |
-| main.go:24:17:24:24 | password | semmle.label | password |
-| main.go:25:13:25:20 | password | semmle.label | password |
-| main.go:26:14:26:21 | password | semmle.label | password |
-| main.go:27:16:27:23 | password | semmle.label | password |
-| main.go:30:10:30:17 | password | semmle.label | password |
-| main.go:31:15:31:22 | password | semmle.label | password |
-| main.go:32:11:32:18 | password | semmle.label | password |
-| main.go:33:12:33:19 | password | semmle.label | password |
-| main.go:34:10:34:17 | password | semmle.label | password |
-| main.go:35:15:35:22 | password | semmle.label | password |
-| main.go:36:11:36:18 | password | semmle.label | password |
-| main.go:37:12:37:19 | password | semmle.label | password |
-| main.go:38:10:38:17 | password | semmle.label | password |
-| main.go:39:15:39:22 | password | semmle.label | password |
-| main.go:40:11:40:18 | password | semmle.label | password |
-| main.go:41:12:41:19 | password | semmle.label | password |
-| main.go:42:14:42:21 | password | semmle.label | password |
-| main.go:44:12:44:19 | password | semmle.label | password |
-| main.go:45:17:45:24 | password | semmle.label | password |
-| main.go:52:35:52:42 | password | semmle.label | password |
+| klog.go:21:3:26:3 | range statement[1] | semmle.label | range statement[1] |
+| klog.go:21:30:21:37 | selection of Header | semmle.label | selection of Header |
+| klog.go:22:4:25:4 | range statement[1] | semmle.label | range statement[1] |
+| klog.go:22:27:22:33 | headers | semmle.label | headers |
+| klog.go:23:15:23:20 | header | semmle.label | header |
+| klog.go:29:13:29:20 | selection of Header | semmle.label | selection of Header |
+| klog.go:29:13:29:41 | call to Get | semmle.label | call to Get |
+| main.go:16:12:16:19 | password | semmle.label | password |
+| main.go:17:19:17:26 | password | semmle.label | password |
+| main.go:18:13:18:20 | password | semmle.label | password |
+| main.go:19:14:19:21 | password | semmle.label | password |
+| main.go:20:12:20:19 | password | semmle.label | password |
+| main.go:21:19:21:26 | password | semmle.label | password |
+| main.go:22:13:22:20 | password | semmle.label | password |
+| main.go:23:14:23:21 | password | semmle.label | password |
+| main.go:24:12:24:19 | password | semmle.label | password |
+| main.go:25:19:25:26 | password | semmle.label | password |
+| main.go:26:13:26:20 | password | semmle.label | password |
+| main.go:27:14:27:21 | password | semmle.label | password |
+| main.go:28:16:28:23 | password | semmle.label | password |
+| main.go:32:10:32:17 | password | semmle.label | password |
+| main.go:33:17:33:24 | password | semmle.label | password |
+| main.go:34:11:34:18 | password | semmle.label | password |
+| main.go:35:12:35:19 | password | semmle.label | password |
+| main.go:36:10:36:17 | password | semmle.label | password |
+| main.go:37:17:37:24 | password | semmle.label | password |
+| main.go:38:11:38:18 | password | semmle.label | password |
+| main.go:39:12:39:19 | password | semmle.label | password |
+| main.go:40:10:40:17 | password | semmle.label | password |
+| main.go:41:17:41:24 | password | semmle.label | password |
+| main.go:42:11:42:18 | password | semmle.label | password |
+| main.go:43:12:43:19 | password | semmle.label | password |
+| main.go:44:14:44:21 | password | semmle.label | password |
+| main.go:47:12:47:19 | password | semmle.label | password |
+| main.go:48:17:48:24 | password | semmle.label | password |
+| main.go:55:35:55:42 | password | semmle.label | password |
 | overrides.go:9:9:9:16 | password | semmle.label | password |
 | overrides.go:13:14:13:23 | call to String | semmle.label | call to String |
 | passwords.go:8:12:8:12 | definition of x | semmle.label | definition of x |

go/ql/test/query-tests/Security/CWE-312/CleartextLogging.qlref

@@ -1,2 +1,4 @@
 query: Security/CWE-312/CleartextLogging.ql
-postprocess: utils/test/PrettyPrintModels.ql
+postprocess:
+  - utils/test/PrettyPrintModels.ql
+  - utils/test/InlineExpectationsTestQuery.ql

go/ql/test/query-tests/Security/CWE-312/klog.go

@@ -3,9 +3,10 @@ package main
 //go:generate depstubber -vendor k8s.io/klog "" Info
 
 import (
-	"k8s.io/klog"
 	"net/http"
 	"strings"
+
+	"k8s.io/klog"
 )
 
 func mask(key, value string) string {
@@ -17,15 +18,15 @@ func mask(key, value string) string {
 
 func klogTest() {
 	http.HandleFunc("/klog", func(w http.ResponseWriter, r *http.Request) {
-		for name, headers := range r.Header {
+		for name, headers := range r.Header { // $ Source
 			for _, header := range headers {
-				klog.Info(header)             // NOT OK
+				klog.Info(header)             // $ Alert
 				klog.Info(mask(name, header)) // OK
 			}
 		}
 		klog.Info(r.Header.Get("Accept"))        // OK
 		klog.Info(r.Header["Content-Type"])      // OK
-		klog.Info(r.Header.Get("Authorization")) // NOT OK
+		klog.Info(r.Header.Get("Authorization")) // $ Alert
 	})
 	http.ListenAndServe(":80", nil)
 }

go/ql/test/query-tests/Security/CWE-312/main.go

@@ -4,51 +4,54 @@ package main
 //go:generate depstubber -vendor github.com/golang/glog "" Info
 
 import (
+	"log"
+
 	"github.com/golang/glog"
 	"github.com/sirupsen/logrus"
-	"log"
 )
 
 func main() {
 	password := "P4ssw0rd"
 
-	log.Print(password)
-	log.Printf("", password)
-	log.Printf(password, "")
-	log.Println(password)
-	log.Fatal(password)
-	log.Fatalf("", password)
-	log.Fatalf(password, "")
-	log.Fatalln(password)
-	log.Panic(password)
-	log.Panicf("", password)
-	log.Panicf(password, "")
-	log.Panicln(password)
-	log.Output(0, password)
+	log.Print(password)        // $ Alert
+	log.Printf("%s", password) // $ Alert
+	log.Printf(password, "")   // $ Alert
+	log.Println(password)      // $ Alert
+	log.Fatal(password)        // $ Alert
+	log.Fatalf("%s", password) // $ Alert
+	log.Fatalf(password, "")   // $ Alert
+	log.Fatalln(password)      // $ Alert
+	log.Panic(password)        // $ Alert
+	log.Panicf("%s", password) // $ Alert
+	log.Panicf(password, "")   // $ Alert
+	log.Panicln(password)      // $ Alert
+	log.Output(0, password)    // $ Alert
+	log.Printf("%T", password)
 
 	l := log.Default()
-	l.Print(password)
-	l.Printf("", password)
-	l.Printf(password, "")
-	l.Println(password)
-	l.Fatal(password)
-	l.Fatalf("", password)
-	l.Fatalf(password, "")
-	l.Fatalln(password)
-	l.Panic(password)
-	l.Panicf("", password)
-	l.Panicf(password, "")
-	l.Panicln(password)
-	l.Output(0, password)
+	l.Print(password)        // $ Alert
+	l.Printf("%s", password) // $ Alert
+	l.Printf(password, "")   // $ Alert
+	l.Println(password)      // $ Alert
+	l.Fatal(password)        // $ Alert
+	l.Fatalf("%s", password) // $ Alert
+	l.Fatalf(password, "")   // $ Alert
+	l.Fatalln(password)      // $ Alert
+	l.Panic(password)        // $ Alert
+	l.Panicf("%s", password) // $ Alert
+	l.Panicf(password, "")   // $ Alert
+	l.Panicln(password)      // $ Alert
+	l.Output(0, password)    // $ Alert
+	l.Printf("%T", password)
 
-	glog.Info(password)
-	logrus.Warning(password)
+	glog.Info(password)      // $ Alert
+	logrus.Warning(password) // $ Alert
 
 	fields := make(logrus.Fields)
 	fields["pass"] = password
 	entry := logrus.WithFields(fields)
 	entry.Errorf("")
 
-	entry = logrus.WithField("pass", password)
+	entry = logrus.WithField("pass", password) // $ Alert
 	entry.Panic("")
 }

go/ql/test/query-tests/Security/CWE-312/overrides.go

@@ -6,10 +6,10 @@ type s struct{}
 
 func (_ s) String() string {
 	password := "horsebatterystaplecorrect"
-	return password
+	return password // $ Source
 }
 
 func overrideTest(x s, y fmt.Stringer) {
-	fmt.Println(x.String()) // NOT OK
+	fmt.Println(x.String()) // $ Alert
 	fmt.Println(y.String()) // OK
 }

go/ql/test/query-tests/Security/CWE-312/passwords.go

@@ -6,7 +6,7 @@ import (
 )
 
 func myLog(x string) {
-	log.Println(x) // NOT OK
+	log.Println(x) // $ Alert
 }
 
 func redact(kind, value string) string {
@@ -22,33 +22,33 @@ func test() {
 	x := "horsebatterystapleincorrect"
 	var o passStruct
 
-	log.Println(password)        // NOT OK
-	log.Println(o.password)      // NOT OK
-	log.Println(getPassword())   // NOT OK
-	log.Println(o.getPassword()) // NOT OK
+	log.Println(password)        // $ Alert
+	log.Println(o.password)      // $ Alert
+	log.Println(getPassword())   // $ Alert
+	log.Println(o.getPassword()) // $ Alert
 
-	myLog(password)
+	myLog(password) // $ Source
 
-	log.Panic(password) // NOT OK
+	log.Panic(password) // $ Alert
 
-	log.Println(name + ", " + password) // NOT OK
+	log.Println(name + ", " + password) // $ Alert
 
 	obj1 := passStruct{
-		password: x,
+		password: x, // $ Source
 	}
-	log.Println(obj1) // NOT OK
+	log.Println(obj1) // $ Alert
 
 	obj2 := xStruct{
-		x: password,
+		x: password, // $ Source
 	}
-	log.Println(obj2) // NOT OK
+	log.Println(obj2) // $ Alert
 
 	var obj3 xStruct
-	log.Println(obj3) // caught because of the below line
-	obj3.x = password // NOT OK
+	log.Println(obj3) // $ SPURIOUS: Alert // caught because of the below line and def-use flow
+	obj3.x = password // $ Source
 
 	fixed_password := "cowbatterystaplecorrect"
-	log.Println(fixed_password) // Probably OK, but caught
+	log.Println(fixed_password) // $ Alert // Probably OK
 
 	log.Println(IncorrectPasswordError) // OK
 
@@ -83,12 +83,12 @@ func test() {
 	log.Println(password_sha) // OK
 
 	utilityObject := passSetStruct{
-		passwordSet: make(map[string]bool),
+		passwordSet: make(map[string]bool), // $ Source
 	}
-	log.Println(utilityObject) // NOT OK
+	log.Println(utilityObject) // $ Alert
 
-	secret := password
-	log.Printf("pw: %s", secret) // NOT OK
+	secret := password           // $ Source
+	log.Printf("pw: %s", secret) // $ Alert
 
 	log.Println("Password is: " + redact("password", password))
 
@@ -98,33 +98,33 @@ func test() {
 	if t.test(y) {
 		f()
 		// ...
-		log.Println("Password is: " + password) // NOT OK
+		log.Println("Password is: " + password) // $ Alert
 		// ...
 	}
 
 	if t.test(y) {
 		if f() {
-			log.Println("Password is: " + password) // NOT OK
+			log.Println("Password is: " + password) // $ Alert
 		}
 	}
 
 	if os.Getenv("APP_ENV") != "production" {
-		log.Println("Password is: " + password) // OK, but still flagged
+		log.Println("Password is: " + password) // $ SPURIOUS: Alert
 	}
 
 	var password1 stringable = stringable{"arstneio"}
-	log.Println(name + ", " + password1.String()) // NOT OK
+	log.Println(name + ", " + password1.String()) // $ Alert
 
 	config := Config{
-		password: x,
+		password: x, // $ Source
 		hostname: "tarski",
-		x:        password,
-		y:        getPassword(),
+		x:        password,      // $ Source
+		y:        getPassword(), // $ Source
 	}
 	log.Println(config.hostname) // OK
-	log.Println(config)          // NOT OK
-	log.Println(config.x)        // NOT OK
-	log.Println(config.y)        // NOT OK
+	log.Println(config)          // $ Alert
+	log.Println(config.x)        // $ Alert
+	log.Println(config.y)        // $ Alert
 
 	obj4 := xStruct{
 		x: "aaaaa",

go/ql/test/query-tests/Security/CWE-312/protobuf.go

@@ -9,8 +9,8 @@ func testProtobuf() {
 	password := "P@ssw0rd"
 
 	query := &query.Query{}
-	query.Description = password
+	query.Description = password // $ Source
 
-	log.Println(query.GetDescription()) // NOT OK
+	log.Println(query.GetDescription()) // $ Alert
 	log.Println(query.GetId())          // OK
 }

javascript/ql/lib/change-notes/2025-03-24-got-package.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Improved support for `got` package with `Options`, `paginate()` and `extend()`

javascript/ql/lib/semmle/javascript/frameworks/ClientRequests.qll

@@ -414,20 +414,74 @@ module ClientRequest {
     }
   }
 
+  /**
+   * Represents an instance of the `got` HTTP client library.
+   */
+  abstract private class GotInstance extends API::Node {
+    /**
+     * Gets the options object associated with this instance of `got`.
+     */
+    API::Node getOptions() { none() }
+  }
+
+  /**
+   * Represents the root `got` module import.
+   * For example: `const got = require('got')`.
+   */
+  private class RootGotInstance extends GotInstance {
+    RootGotInstance() { this = API::moduleImport("got") }
+  }
+
+  /**
+   * Represents an instance of `got` created by calling the `extend()` method.
+   * It may also be chained with multiple calls to `extend()`.
+   *
+   * For example: `const client = got.extend({ prefixUrl: 'https://example.com' })`.
+   */
+  private class ExtendGotInstance extends GotInstance {
+    private GotInstance base;
+    private API::CallNode extendCall;
+
+    ExtendGotInstance() {
+      extendCall = base.getMember("extend").getACall() and
+      this = extendCall.getReturn()
+    }
+
+    override API::Node getOptions() {
+      result = extendCall.getParameter(0) or result = base.getOptions()
+    }
+  }
+
   /**
    * A model of a URL request made using the `got` library.
    */
   class GotUrlRequest extends ClientRequest::Range {
+    GotInstance got;
+
     GotUrlRequest() {
-      exists(API::Node callee, API::Node got | this = callee.getACall() |
-        got = [API::moduleImport("got"), API::moduleImport("got").getMember("extend").getReturn()] and
-        callee = [got, got.getMember(["stream", "get", "post", "put", "patch", "head", "delete"])]
+      exists(API::Node callee | this = callee.getACall() |
+        callee =
+          [
+            got,
+            got.getMember(["stream", "get", "post", "put", "patch", "head", "delete", "paginate"])
+          ]
       )
     }
 
     override DataFlow::Node getUrl() {
       result = this.getArgument(0) and
       not exists(this.getOptionArgument(1, "baseUrl"))
+      or
+      // Handle URL from options passed to extend()
+      result = got.getOptions().getMember("url").asSink() and
+      not exists(this.getArgument(0))
+      or
+      // Handle URL from options passed as third argument when first arg is undefined/missing
+      exists(API::InvokeNode optionsCall |
+        optionsCall = API::moduleImport("got").getMember("Options").getAnInvocation() and
+        optionsCall.getReturn().getAValueReachableFromSource() = this.getAnArgument() and
+        result = optionsCall.getParameter(0).getMember("url").asSink()
+      )
     }
 
     override DataFlow::Node getHost() {

javascript/ql/test/library-tests/frameworks/ClientRequests/ClientRequests.expected

@@ -97,6 +97,12 @@ test_ClientRequest
 | tst.js:319:5:319:26 | superag ... ', url) |
 | tst.js:320:5:320:23 | superagent.del(url) |
 | tst.js:321:5:321:32 | superag ... st(url) |
+| tst.js:328:5:328:38 | got(und ... ptions) |
+| tst.js:329:5:329:49 | got(und ... {url})) |
+| tst.js:332:5:332:46 | got.ext ... ).get() |
+| tst.js:334:5:334:25 | got.pag ... rl, {}) |
+| tst.js:337:5:337:20 | jsonClient.get() |
+| tst.js:340:5:340:21 | jsonClient2.get() |
 test_getADataNode
 | axiosTest.js:12:5:17:6 | axios({ ... \\n    }) | axiosTest.js:15:18:15:55 | { 'Cont ... json' } |
 | axiosTest.js:12:5:17:6 | axios({ ... \\n    }) | axiosTest.js:16:15:16:35 | {x: 'te ... 'test'} |
@@ -254,6 +260,14 @@ test_getUrl
 | tst.js:319:5:319:26 | superag ... ', url) | tst.js:319:23:319:25 | url |
 | tst.js:320:5:320:23 | superagent.del(url) | tst.js:320:20:320:22 | url |
 | tst.js:321:5:321:32 | superag ... st(url) | tst.js:321:29:321:31 | url |
+| tst.js:328:5:328:38 | got(und ... ptions) | tst.js:327:34:327:36 | url |
+| tst.js:328:5:328:38 | got(und ... ptions) | tst.js:328:9:328:17 | undefined |
+| tst.js:329:5:329:49 | got(und ... {url})) | tst.js:329:9:329:17 | undefined |
+| tst.js:329:5:329:49 | got(und ... {url})) | tst.js:329:44:329:46 | url |
+| tst.js:334:5:334:25 | got.pag ... rl, {}) | tst.js:334:18:334:20 | url |
+| tst.js:337:5:337:20 | jsonClient.get() | tst.js:336:41:336:43 | url |
+| tst.js:340:5:340:21 | jsonClient2.get() | tst.js:339:42:339:44 | url |
+| tst.js:340:5:340:21 | jsonClient2.get() | tst.js:339:61:339:63 | url |
 test_getAResponseDataNode
 | axiosTest.js:4:5:7:6 | axios({ ... \\n    }) | axiosTest.js:4:5:7:6 | axios({ ... \\n    }) | json | true |
 | axiosTest.js:12:5:17:6 | axios({ ... \\n    }) | axiosTest.js:12:5:17:6 | axios({ ... \\n    }) | json | true |
@@ -334,3 +348,9 @@ test_getAResponseDataNode
 | tst.js:319:5:319:26 | superag ... ', url) | tst.js:319:5:319:26 | superag ... ', url) | stream | true |
 | tst.js:320:5:320:23 | superagent.del(url) | tst.js:320:5:320:23 | superagent.del(url) | stream | true |
 | tst.js:321:5:321:32 | superag ... st(url) | tst.js:321:5:321:32 | superag ... st(url) | stream | true |
+| tst.js:328:5:328:38 | got(und ... ptions) | tst.js:328:5:328:38 | got(und ... ptions) | text | true |
+| tst.js:329:5:329:49 | got(und ... {url})) | tst.js:329:5:329:49 | got(und ... {url})) | text | true |
+| tst.js:332:5:332:46 | got.ext ... ).get() | tst.js:332:5:332:46 | got.ext ... ).get() | text | true |
+| tst.js:334:5:334:25 | got.pag ... rl, {}) | tst.js:334:5:334:25 | got.pag ... rl, {}) | text | true |
+| tst.js:337:5:337:20 | jsonClient.get() | tst.js:337:5:337:20 | jsonClient.get() | text | true |
+| tst.js:340:5:340:21 | jsonClient2.get() | tst.js:340:5:340:21 | jsonClient2.get() | text | true |

javascript/ql/test/library-tests/frameworks/ClientRequests/tst.js

@@ -320,3 +320,22 @@ function useSuperagent(url){
     superagent.del(url);
     superagent.agent().post(url).send(data);
 }
+
+import { Options } from 'got';
+
+function gotTests(url){
+    const options = new Options({url});
+    got(undefined, undefined, options);
+    got(undefined, undefined, new Options({url}));
+
+    const options2 = new Options({url});
+    got.extend(options2).extend(options).get();
+
+    got.paginate(url, {});
+
+    const jsonClient = got.extend({url: url});
+    jsonClient.get();
+
+    const jsonClient2 = got.extend({url: url}).extend({url: url});
+    jsonClient2.get();
+}

ql/ql/src/codeql_ql/ast/Yaml.qll

@@ -64,4 +64,15 @@ class QlRefDocument extends YamlDocument {
       value = n.lookup("postprocess").(YamlSequence).getElement(_)
     )
   }
+
+  predicate isPrintAst() {
+    this.getFile().getStem() = "PrintAst"
+    or
+    exists(YamlMapping n, YamlScalar value |
+      n.getDocument() = this and
+      value.getValue().matches("%PrintAst%")
+    |
+      value = n.lookup("query")
+    )
+  }
 }

ql/ql/src/queries/style/QlRefInlineExpectations.ql

@@ -11,5 +11,7 @@ import ql
 import codeql_ql.ast.Yaml
 
 from QlRefDocument f
-where not f.usesInlineExpectations()
+where
+  not f.usesInlineExpectations() and
+  not f.isPrintAst()
 select f, "Query test does not use inline test expectations."

ql/ql/test/queries/style/QlRefInlineExpectations/PrintAst.expected

@@ -0,0 +1 @@
+|  |

ql/ql/test/queries/style/QlRefInlineExpectations/PrintAst.qlref

@@ -0,0 +1 @@
+dummy/PrintAst.ql

ql/ql/test/queries/style/QlRefInlineExpectations/Test4.expected

@@ -0,0 +1 @@
+|  |

ql/ql/test/queries/style/QlRefInlineExpectations/Test4.qlref

@@ -0,0 +1 @@
+query: dummy/PrintAst.ql

ql/ql/test/queries/style/QlRefInlineExpectations/dummy/PrintAst.expected

@@ -0,0 +1 @@
+|  |

ql/ql/test/queries/style/QlRefInlineExpectations/dummy/PrintAst.ql

@@ -0,0 +1 @@
+select ""

rust/ql/integration-tests/hello-workspace/exe/src/main.rs

@@ -1,7 +1,7 @@
-use lib::a_module::hello;
+use lib::a_module::hello; // $ item=HELLO
 
 mod a_module;
 
 fn main() {
-    hello();
+    hello(); // $ item=HELLO
 }

rust/ql/integration-tests/hello-workspace/lib/src/a_module/mod.rs

@@ -1,3 +1,3 @@
 pub fn hello() {
     println!("Hello, world!");
-}
+} // HELLO

rust/ql/integration-tests/hello-workspace/path-resolution.ql

@@ -0,0 +1 @@
+import utils.test.PathResolutionInlineExpectationsTest

rust/ql/integration-tests/hello-workspace/rust-project.json

@@ -2,14 +2,23 @@
   "sysroot_src": "filled by the rust_project fixture",
   "crates": [
     {
+      "display_name": "exe",
+      "version": "0.1.0",
       "root_module": "exe/src/main.rs",
       "edition": "2021",
-      "deps": [{"crate": 1, "name": "lib"}]
+      "deps": [
+        {
+          "crate": 1,
+          "name": "lib"
+        }
+      ]
     },
     {
+      "display_name": "lib",
+      "version": "0.1.0",
       "root_module": "lib/src/lib.rs",
       "edition": "2021",
       "deps": []
     }
   ]
-}
+}

rust/ql/integration-tests/hello-workspace/summary.cargo.expected

@@ -1,4 +1,4 @@
-| Elements extracted | 87 |
+| Elements extracted | 90 |
 | Elements unextracted | 0 |
 | Extraction errors | 0 |
 | Extraction warnings | 0 |

rust/ql/integration-tests/hello-workspace/summary.rust-project.expected

@@ -1,4 +1,4 @@
-| Elements extracted | 87 |
+| Elements extracted | 90 |
 | Elements unextracted | 0 |
 | Extraction errors | 0 |
 | Extraction warnings | 0 |

rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll

@@ -90,10 +90,10 @@ final class DataFlowCall extends TDataFlowCall {
 }
 
 /**
- * The position of a parameter or an argument in a function or call.
+ * The position of a parameter in a function.
  *
- * As there is a 1-to-1 correspondence between parameter positions and
- * arguments positions in Rust we use the same type for both.
+ * In Rust there is a 1-to-1 correspondence between parameter positions and
+ * arguments positions, so we use the same underlying type for both.
  */
 final class ParameterPosition extends TParameterPosition {
   /** Gets the underlying integer position, if any. */
@@ -126,6 +126,22 @@ final class ParameterPosition extends TParameterPosition {
   }
 }
 
+/**
+ * The position of an argument in a call.
+ *
+ * In Rust there is a 1-to-1 correspondence between parameter positions and
+ * arguments positions, so we use the same underlying type for both.
+ */
+final class ArgumentPosition extends ParameterPosition {
+  /** Gets the argument of `call` at this position, if any. */
+  Expr getArgument(CallExprBase call) {
+    result = call.getArgList().getArg(this.getPosition())
+    or
+    this.isSelf() and
+    result = call.(MethodCallExpr).getReceiver()
+  }
+}
+
 /** Holds if `call` invokes a qualified path that resolves to a method. */
 private predicate callToMethod(CallExpr call) {
   exists(Path path |
@@ -432,6 +448,8 @@ private module Aliases {
 
   class ParameterPositionAlias = ParameterPosition;
 
+  class ArgumentPositionAlias = ArgumentPosition;
+
   class ContentAlias = Content;
 
   class ContentSetAlias = ContentSet;
@@ -550,7 +568,7 @@ module RustDataFlow implements InputSig<Location> {
 
   class ParameterPosition = ParameterPositionAlias;
 
-  class ArgumentPosition = ParameterPosition;
+  class ArgumentPosition = ArgumentPositionAlias;
 
   /**
    * Holds if the parameter position `ppos` matches the argument position

rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll

@@ -58,7 +58,9 @@ module Input implements InputSig<Location, RustDataFlow> {
 
   string encodeParameterPosition(ParameterPosition pos) { result = pos.toString() }
 
-  predicate encodeArgumentPosition = encodeParameterPosition/1;
+  string encodeArgumentPosition(RustDataFlow::ArgumentPosition pos) {
+    result = encodeParameterPosition(pos)
+  }
 
   string encodeContent(ContentSet cs, string arg) {
     exists(Content c | cs = TSingletonContentSet(c) |
@@ -146,17 +148,21 @@ private module StepsInput implements Impl::Private::StepsInputSig {
   RustDataFlow::Node getSourceNode(Input::SourceBase source, Impl::Private::SummaryComponent sc) {
     sc = Impl::Private::SummaryComponent::return(_) and
     result.asExpr().getExpr() = source.getCall()
+    or
+    exists(CallExprBase call, Expr arg, ArgumentPosition pos |
+      result.(RustDataFlow::PostUpdateNode).getPreUpdateNode().asExpr().getExpr() = arg and
+      sc = Impl::Private::SummaryComponent::argument(pos) and
+      call = source.getCall() and
+      arg = pos.getArgument(call)
+    )
   }
 
   RustDataFlow::Node getSinkNode(Input::SinkBase sink, Impl::Private::SummaryComponent sc) {
-    exists(CallExprBase call, Expr arg, ParameterPosition pos |
+    exists(CallExprBase call, Expr arg, ArgumentPosition pos |
       result.asExpr().getExpr() = arg and
       sc = Impl::Private::SummaryComponent::argument(pos) and
-      call = sink.getCall()
-    |
-      arg = call.getArgList().getArg(pos.getPosition())
-      or
-      arg = call.(MethodCallExpr).getReceiver() and pos.isSelf()
+      call = sink.getCall() and
+      arg = pos.getArgument(call)
     )
   }
 }

rust/ql/lib/codeql/rust/elements/internal/CrateImpl.qll

@@ -13,6 +13,7 @@ private import codeql.rust.elements.internal.generated.Crate
 module Impl {
   private import rust
   private import codeql.rust.elements.internal.NamedCrate
+  private import codeql.rust.internal.PathResolution
 
   class Crate extends Generated::Crate {
     override string toStringImpl() {
@@ -58,6 +59,14 @@ module Impl {
      */
     Crate getADependency() { result = this.getDependency(_) }
 
+    /** Gets the source file that defines this crate, if any. */
+    SourceFile getSourceFile() { result.getFile() = this.getModule().getFile() }
+
+    /**
+     * Gets a source file that belongs to this crate, if any.
+     */
+    SourceFile getASourceFile() { result = this.(CrateItemNode).getASourceFile() }
+
     override Location getLocation() { result = this.getModule().getLocation() }
   }
 }

rust/ql/lib/codeql/rust/elements/internal/FieldExprImpl.qll

@@ -23,7 +23,7 @@ module Impl {
    */
   class FieldExpr extends Generated::FieldExpr {
     /** Gets the record field that this access references, if any. */
-    StructField getStructField() { result = TypeInference::resolveRecordFieldExpr(this) }
+    StructField getStructField() { result = TypeInference::resolveStructFieldExpr(this) }
 
     /** Gets the tuple field that this access references, if any. */
     TupleField getTupleField() { result = TypeInference::resolveTupleFieldExpr(this) }

rust/ql/lib/codeql/rust/elements/internal/StructImpl.qll

@@ -43,6 +43,6 @@ module Impl {
      * Empty structs are considered to use record fields.
      */
     pragma[nomagic]
-    predicate isRecord() { not this.isTuple() }
+    predicate isStruct() { not this.isTuple() }
   }
 }

rust/ql/lib/codeql/rust/elements/internal/VariantImpl.qll

@@ -38,12 +38,12 @@ module Impl {
     predicate isTuple() { this.getFieldList() instanceof TupleFieldList }
 
     /**
-     * Holds if this variant uses record fields.
+     * Holds if this variant uses struct fields.
      *
-     * Empty variants are considered to use record fields.
+     * Empty variants are considered to use struct fields.
      */
     pragma[nomagic]
-    predicate isRecord() { not this.isTuple() }
+    predicate isStruct() { not this.isTuple() }
 
     /** Gets the enum that this variant belongs to. */
     Enum getEnum() { this = result.getVariantList().getAVariant() }

rust/ql/lib/codeql/rust/internal/PathResolution.qll

@@ -73,7 +73,7 @@ final class Namespace extends TNamespace {
  * - https://doc.rust-lang.org/reference/visibility-and-privacy.html
  * - https://doc.rust-lang.org/reference/names/namespaces.html
  */
-abstract class ItemNode extends AstNode {
+abstract class ItemNode extends Locatable {
   /** Gets the (original) name of this item. */
   abstract string getName();
 
@@ -109,7 +109,11 @@ abstract class ItemNode extends AstNode {
 
   /** Gets the immediately enclosing module (or source file) of this item. */
   pragma[nomagic]
-  ModuleLikeNode getImmediateParentModule() { this = result.getAnItemInScope() }
+  ModuleLikeNode getImmediateParentModule() {
+    this = result.getAnItemInScope()
+    or
+    result = this.(SourceFileItemNode).getSuper()
+  }
 
   pragma[nomagic]
   private ItemNode getASuccessorRec(string name) {
@@ -122,6 +126,10 @@ abstract class ItemNode extends AstNode {
     or
     useImportEdge(this, name, result)
     or
+    crateDefEdge(this, name, result)
+    or
+    crateDependencyEdge(this, name, result)
+    or
     // items made available through `use` are available to nodes that contain the `use`
     exists(UseItemNode use |
       use = this.getASuccessorRec(_) and
@@ -168,19 +176,18 @@ abstract class ItemNode extends AstNode {
     result = this.getASuccessorRec(name)
     or
     name = "super" and
-    if this instanceof Module
+    if this instanceof Module or this instanceof SourceFile
     then result = this.getImmediateParentModule()
     else result = this.getImmediateParentModule().getImmediateParentModule()
     or
     name = "self" and
-    not this instanceof Module and
-    result = this.getImmediateParentModule()
+    if this instanceof Module then result = this else result = this.getImmediateParentModule()
     or
     name = "Self" and
     this = result.(ImplOrTraitItemNode).getAnItemInSelfScope()
     or
     name = "crate" and
-    result.(SourceFileItemNode).getFile() = this.getFile()
+    this = result.(CrateItemNode).getASourceFile()
   }
 
   /** Gets the location of this item. */
@@ -203,6 +210,11 @@ abstract private class ModuleLikeNode extends ItemNode {
 }
 
 private class SourceFileItemNode extends ModuleLikeNode, SourceFile {
+  pragma[nomagic]
+  ModuleLikeNode getSuper() {
+    result = any(ModuleItemNode mod | fileImport(mod, this)).getASuccessor("super")
+  }
+
   override string getName() { result = "(source file)" }
 
   override Namespace getNamespace() {
@@ -211,6 +223,55 @@ private class SourceFileItemNode extends ModuleLikeNode, SourceFile {
 
   override Visibility getVisibility() { none() }
 
+  override predicate isPublic() { any() }
+
+  override TypeParam getTypeParam(int i) { none() }
+}
+
+class CrateItemNode extends ItemNode instanceof Crate {
+  /**
+   * Gets the module node that defines this crate.
+   *
+   * This is either a source file, when the crate is defined in source code,
+   * or a module, when the crate is defined in a dependency.
+   */
+  pragma[nomagic]
+  ModuleLikeNode getModuleNode() {
+    result = super.getSourceFile()
+    or
+    not exists(super.getSourceFile()) and
+    result = super.getModule()
+  }
+
+  /**
+   * Gets a source file that belongs to this crate, if any.
+   *
+   * This is calculated as those source files that can be reached from the entry
+   * file of this crate using zero or more `mod` imports, without going through
+   * the entry point of some other crate.
+   */
+  pragma[nomagic]
+  SourceFileItemNode getASourceFile() {
+    result = super.getSourceFile()
+    or
+    exists(SourceFileItemNode mid, Module mod |
+      mid = this.getASourceFile() and
+      mod.getFile() = mid.getFile() and
+      fileImport(mod, result) and
+      not result = any(Crate other).getSourceFile()
+    )
+  }
+
+  override string getName() { result = Crate.super.getName() }
+
+  override Namespace getNamespace() {
+    result.isType() // can be referenced with `crate`
+  }
+
+  override Visibility getVisibility() { none() }
+
+  override predicate isPublic() { any() }
+
   override TypeParam getTypeParam(int i) { none() }
 }
 
@@ -460,7 +521,7 @@ private class UseItemNode extends ItemNode instanceof Use {
 
   override Namespace getNamespace() { none() }
 
-  override Visibility getVisibility() { none() }
+  override Visibility getVisibility() { result = Use.super.getVisibility() }
 
   override TypeParam getTypeParam(int i) { none() }
 }
@@ -586,11 +647,33 @@ private predicate fileImport(Module m, SourceFile f) {
  * Holds if `mod` is a `mod name;` item targeting a file resulting in `item` being
  * in scope under the name `name`.
  */
+pragma[nomagic]
 private predicate fileImportEdge(Module mod, string name, ItemNode item) {
-  item.isPublic() and
-  exists(SourceFile f |
+  exists(SourceFileItemNode f |
     fileImport(mod, f) and
-    sourceFileEdge(f, name, item)
+    item = f.getASuccessor(name)
+  )
+}
+
+/**
+ * Holds if crate `c` defines the item `i` named `name`.
+ */
+pragma[nomagic]
+private predicate crateDefEdge(CrateItemNode c, string name, ItemNode i) {
+  i = c.getModuleNode().getASuccessor(name) and
+  not i instanceof Crate
+}
+
+/**
+ * Holds if `m` depends on crate `dep` named `name`.
+ */
+private predicate crateDependencyEdge(ModuleLikeNode m, string name, CrateItemNode dep) {
+  exists(CrateItemNode c | dep = c.(Crate).getDependency(name) |
+    // entry module/entry source file
+    m = c.getModuleNode()
+    or
+    // entry/transitive source file
+    m = c.getASourceFile()
   )
 }
 
@@ -745,13 +828,53 @@ private predicate pathUsesNamespace(Path p, Namespace n) {
   )
 }
 
-/** Gets the item that `path` resolves to, if any. */
-cached
-ItemNode resolvePath(RelevantPath path) {
+pragma[nomagic]
+private ItemNode resolvePath1(RelevantPath path) {
   exists(Namespace ns | result = resolvePath0(path, ns) |
     pathUsesNamespace(path, ns)
     or
-    not pathUsesNamespace(path, _)
+    not pathUsesNamespace(path, _) and
+    not path = any(MacroCall mc).getPath()
+  )
+}
+
+pragma[nomagic]
+private ItemNode resolvePathPrivate(
+  RelevantPath path, ModuleLikeNode itemParent, ModuleLikeNode pathParent
+) {
+  result = resolvePath1(path) and
+  itemParent = result.getImmediateParentModule() and
+  not result.isPublic() and
+  (
+    pathParent.getADescendant() = path
+    or
+    pathParent = any(ItemNode mid | path = mid.getADescendant()).getImmediateParentModule()
+  )
+}
+
+/**
+ * Gets a module that has access to private items defined inside `itemParent`.
+ *
+ * According to [The Rust Reference][1] this is either `itemParent` itself or any
+ * descendant of `itemParent`.
+ *
+ * [1]: https://doc.rust-lang.org/reference/visibility-and-privacy.html#r-vis.access
+ */
+pragma[nomagic]
+private ModuleLikeNode getAPrivateVisibleModule(ModuleLikeNode itemParent) {
+  exists(resolvePathPrivate(_, itemParent, _)) and
+  result.getImmediateParentModule*() = itemParent
+}
+
+/** Gets the item that `path` resolves to, if any. */
+cached
+ItemNode resolvePath(RelevantPath path) {
+  result = resolvePath1(path) and
+  result.isPublic()
+  or
+  exists(ModuleLikeNode itemParent, ModuleLikeNode pathParent |
+    result = resolvePathPrivate(path, itemParent, pathParent) and
+    pathParent = getAPrivateVisibleModule(itemParent)
   )
 }
 
@@ -831,3 +954,44 @@ private predicate useImportEdge(Use use, string name, ItemNode item) {
     name != "_"
   )
 }
+
+/** Provides predicates for debugging the path resolution implementation. */
+private module Debug {
+  private Locatable getRelevantLocatable() {
+    exists(string filepath, int startline, int startcolumn, int endline, int endcolumn |
+      result.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) and
+      filepath.matches("%/main.rs") and
+      startline = 1
+    )
+  }
+
+  predicate debugUnqualifiedPathLookup(RelevantPath p, string name, Namespace ns, ItemNode encl) {
+    p = getRelevantLocatable() and
+    unqualifiedPathLookup(p, name, ns, encl)
+  }
+
+  ItemNode debugResolvePath(RelevantPath path) {
+    path = getRelevantLocatable() and
+    result = resolvePath(path)
+  }
+
+  predicate debugUseImportEdge(Use use, string name, ItemNode item) {
+    use = getRelevantLocatable() and
+    useImportEdge(use, name, item)
+  }
+
+  ItemNode debugGetASuccessorRec(ItemNode i, string name) {
+    i = getRelevantLocatable() and
+    result = i.getASuccessor(name)
+  }
+
+  predicate debugFileImportEdge(Module mod, string name, ItemNode item) {
+    mod = getRelevantLocatable() and
+    fileImportEdge(mod, name, item)
+  }
+
+  predicate debugFileImport(Module m, SourceFile f) {
+    m = getRelevantLocatable() and
+    fileImport(m, f)
+  }
+}

rust/ql/lib/codeql/rust/internal/PathResolutionConsistency.qll

@@ -7,6 +7,7 @@ private import PathResolution
 
 /** Holds if `p` may resolve to multiple items including `i`. */
 query predicate multiplePathResolutions(Path p, ItemNode i) {
+  p.fromSource() and
   i = resolvePath(p) and
   // `use foo::bar` may use both a type `bar` and a value `bar`
   not p =

rust/ql/lib/codeql/rust/internal/Type.qll

@@ -29,7 +29,7 @@ abstract class Type extends TType {
   pragma[nomagic]
   abstract Function getMethod(string name);
 
-  /** Gets the record field `name` belonging to this type, if any. */
+  /** Gets the struct field `name` belonging to this type, if any. */
   pragma[nomagic]
   abstract StructField getStructField(string name);
 

rust/ql/lib/codeql/rust/internal/TypeInference.qll

@@ -248,24 +248,24 @@ private TypeMention getExplicitTypeArgMention(Path path, TypeParam tp) {
 }
 
 /**
- * A matching configuration for resolving types of record expressions
+ * A matching configuration for resolving types of struct expressions
  * like `Foo { bar = baz }`.
  */
 private module StructExprMatchingInput implements MatchingInputSig {
   private newtype TPos =
     TFieldPos(string name) { exists(any(Declaration decl).getField(name)) } or
-    TRecordPos()
+    TStructPos()
 
   class DeclarationPosition extends TPos {
     string asFieldPos() { this = TFieldPos(result) }
 
-    predicate isRecordPos() { this = TRecordPos() }
+    predicate isStructPos() { this = TStructPos() }
 
     string toString() {
       result = this.asFieldPos()
       or
-      this.isRecordPos() and
-      result = "(record)"
+      this.isStructPos() and
+      result = "(struct)"
     }
   }
 
@@ -286,15 +286,15 @@ private module StructExprMatchingInput implements MatchingInputSig {
         result = tp.resolveTypeAt(path)
       )
       or
-      // type parameter of the record itself
-      dpos.isRecordPos() and
+      // type parameter of the struct itself
+      dpos.isStructPos() and
       result = this.getTypeParameter(_) and
       path = TypePath::singleton(result)
     }
   }
 
-  private class RecordStructDecl extends Declaration, Struct {
-    RecordStructDecl() { this.isRecord() }
+  private class StructDecl extends Declaration, Struct {
+    StructDecl() { this.isStruct() }
 
     override TypeParam getATypeParam() { result = this.getGenericParamList().getATypeParam() }
 
@@ -304,14 +304,14 @@ private module StructExprMatchingInput implements MatchingInputSig {
       result = super.getDeclaredType(dpos, path)
       or
       // type of the struct itself
-      dpos.isRecordPos() and
+      dpos.isStructPos() and
       path.isEmpty() and
       result = TStruct(this)
     }
   }
 
-  private class RecordVariantDecl extends Declaration, Variant {
-    RecordVariantDecl() { this.isRecord() }
+  private class StructVariantDecl extends Declaration, Variant {
+    StructVariantDecl() { this.isStruct() }
 
     Enum getEnum() { result.getVariantList().getAVariant() = this }
 
@@ -325,7 +325,7 @@ private module StructExprMatchingInput implements MatchingInputSig {
       result = super.getDeclaredType(dpos, path)
       or
       // type of the enum itself
-      dpos.isRecordPos() and
+      dpos.isStructPos() and
       path.isEmpty() and
       result = TEnum(this.getEnum())
     }
@@ -342,7 +342,7 @@ private module StructExprMatchingInput implements MatchingInputSig {
       result = this.getFieldExpr(apos.asFieldPos()).getExpr()
       or
       result = this and
-      apos.isRecordPos()
+      apos.isStructPos()
     }
 
     Type getInferredType(AccessPosition apos, TypePath path) {
@@ -360,8 +360,8 @@ private module StructExprMatchingInput implements MatchingInputSig {
 private module StructExprMatching = Matching<StructExprMatchingInput>;
 
 /**
- * Gets the type of `n` at `path`, where `n` is either a record expression or
- * a field expression of a record expression.
+ * Gets the type of `n` at `path`, where `n` is either a struct expression or
+ * a field expression of a struct expression.
  */
 pragma[nomagic]
 private Type inferStructExprType(AstNode n, TypePath path) {
@@ -777,7 +777,7 @@ private module FieldExprMatchingInput implements MatchingInputSig {
 
     Declaration getTarget() {
       // mutual recursion; resolving fields requires resolving types and vice versa
-      result = [resolveRecordFieldExpr(this).(AstNode), resolveTupleFieldExpr(this)]
+      result = [resolveStructFieldExpr(this).(AstNode), resolveTupleFieldExpr(this)]
     }
   }
 
@@ -921,10 +921,10 @@ private module Cached {
   }
 
   /**
-   * Gets the record field that the field expression `fe` resolves to, if any.
+   * Gets the struct field that the field expression `fe` resolves to, if any.
    */
   cached
-  StructField resolveRecordFieldExpr(FieldExpr fe) {
+  StructField resolveStructFieldExpr(FieldExpr fe) {
     exists(string name | result = getFieldExprLookupType(fe, name).getStructField(name))
   }
 

rust/ql/lib/utils/test/PathResolutionInlineExpectationsTest.qll

@@ -0,0 +1,48 @@
+/**
+ * Provides an inline expectations test for path resolution.
+ */
+
+private import rust
+private import codeql.rust.internal.PathResolution
+private import codeql.rust.internal.TypeInference
+private import utils.test.InlineExpectationsTest
+
+private module ResolveTest implements TestSig {
+  string getARelevantTag() { result = "item" }
+
+  private predicate itemAt(ItemNode i, string filepath, int line, boolean inMacro) {
+    i.getLocation().hasLocationInfo(filepath, _, _, line, _) and
+    if i.(AstNode).isInMacroExpansion() then inMacro = true else inMacro = false
+  }
+
+  private predicate commmentAt(string text, string filepath, int line) {
+    exists(Comment c |
+      c.getLocation().hasLocationInfo(filepath, line, _, _, _) and
+      c.getCommentText() = text
+    )
+  }
+
+  private predicate item(ItemNode i, string value) {
+    exists(string filepath, int line, boolean inMacro | itemAt(i, filepath, line, inMacro) |
+      commmentAt(value, filepath, line) and inMacro = false
+      or
+      not (commmentAt(_, filepath, line) and inMacro = false) and
+      value = i.getName()
+    )
+  }
+
+  predicate hasActualResult(Location location, string element, string tag, string value) {
+    exists(AstNode n |
+      not n = any(Path parent).getQualifier() and
+      location = n.getLocation() and
+      element = n.toString() and
+      tag = "item"
+    |
+      item(resolvePath(n), value)
+      or
+      item(n.(MethodCallExpr).getStaticTarget(), value)
+    )
+  }
+}
+
+import MakeTest<ResolveTest>

rust/ql/src/queries/telemetry/RustAnalyzerComparison.qll

@@ -59,6 +59,19 @@ private module Compare<ResolvableSig R, CompareSig<R> RustAnalyzer, CompareSig<R
 
   predicate qlUniqueCount(int c) { c = count(Source s | qlUnique(s)) }
 
+  // debug predicates to find missing targets in QL implementation
+  private module Debug {
+    predicate qlMissing(Source s, Target t) {
+      t = RustAnalyzer::resolve(s) and
+      not t = Ql::resolve(s)
+    }
+
+    predicate qlMissingWithCount(Source s, Target t, int c) {
+      qlMissing(s, t) and
+      c = strictcount(Source s0 | qlMissing(s0, t))
+    }
+  }
+
   predicate summary(string key, int value) {
     key = "rust-analyzer unique" and rustAnalyzerUniqueCount(value)
     or

rust/ql/test/extractor-tests/canonical_path/CONSISTENCY/PathResolutionConsistency.expected

@@ -0,0 +1,3 @@
+multipleStaticCallTargets
+| regular.rs:29:5:29:9 | s.g(...) | anonymous.rs:15:9:15:22 | fn g |
+| regular.rs:29:5:29:9 | s.g(...) | regular.rs:13:5:13:18 | fn g |

rust/ql/test/extractor-tests/canonical_path_disabled/CONSISTENCY/PathResolutionConsistency.expected

@@ -0,0 +1,3 @@
+multipleStaticCallTargets
+| regular.rs:32:5:32:9 | s.g(...) | anonymous.rs:18:9:18:22 | fn g |
+| regular.rs:32:5:32:9 | s.g(...) | regular.rs:16:5:16:18 | fn g |

rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected

@@ -846,8 +846,26 @@ localStep
 | main.rs:519:17:519:18 | &c | main.rs:519:9:519:13 | c_ref |
 | main.rs:523:14:523:18 | [post] c_ref | main.rs:524:11:524:15 | c_ref |
 | main.rs:523:14:523:18 | c_ref | main.rs:524:11:524:15 | c_ref |
-| main.rs:551:13:551:33 | result_questionmark(...) | main.rs:551:9:551:9 | _ |
-| main.rs:563:36:563:41 | ...::new(...) | main.rs:563:36:563:41 | MacroExpr |
+| main.rs:528:9:528:9 | [SSA] a | main.rs:530:10:530:10 | a |
+| main.rs:528:9:528:9 | a | main.rs:528:9:528:9 | [SSA] a |
+| main.rs:528:9:528:9 | a | main.rs:528:9:528:9 | a |
+| main.rs:528:18:528:27 | source(...) | main.rs:528:9:528:9 | a |
+| main.rs:530:10:530:10 | a | main.rs:531:10:531:10 | a |
+| main.rs:531:10:531:10 | [post] a | main.rs:532:20:532:20 | a |
+| main.rs:531:10:531:10 | [post] receiver for a | main.rs:531:10:531:10 | [post] a |
+| main.rs:531:10:531:10 | a | main.rs:531:10:531:10 | receiver for a |
+| main.rs:531:10:531:10 | a | main.rs:532:20:532:20 | a |
+| main.rs:534:9:534:9 | [SSA] b | main.rs:536:10:536:10 | b |
+| main.rs:534:9:534:9 | b | main.rs:534:9:534:9 | [SSA] b |
+| main.rs:534:9:534:9 | b | main.rs:534:9:534:9 | b |
+| main.rs:534:18:534:34 | ... as i32 | main.rs:534:9:534:9 | b |
+| main.rs:536:10:536:10 | b | main.rs:537:10:537:10 | b |
+| main.rs:537:10:537:10 | [post] b | main.rs:538:20:538:20 | b |
+| main.rs:537:10:537:10 | [post] receiver for b | main.rs:537:10:537:10 | [post] b |
+| main.rs:537:10:537:10 | b | main.rs:537:10:537:10 | receiver for b |
+| main.rs:537:10:537:10 | b | main.rs:538:20:538:20 | b |
+| main.rs:565:13:565:33 | result_questionmark(...) | main.rs:565:9:565:9 | _ |
+| main.rs:577:36:577:41 | ...::new(...) | main.rs:577:36:577:41 | MacroExpr |
 models
 | 1 | Sink: lang:std; crate::io::stdio::_print; log-injection; Argument[0] |
 | 2 | Summary: lang:alloc; <&&str as crate::string::SpecToString>::spec_to_string; Argument[self].Reference.Reference; ReturnValue; value |
@@ -2356,7 +2374,7 @@ storeStep
 | main.rs:504:41:504:41 | 4 | element | main.rs:504:22:504:42 | [...] |
 | main.rs:519:18:519:18 | c | &ref | main.rs:519:17:519:18 | &c |
 | main.rs:522:15:522:15 | b | &ref | main.rs:522:14:522:15 | &b |
-| main.rs:531:27:531:27 | 0 | Some | main.rs:531:22:531:28 | Some(...) |
+| main.rs:545:27:545:27 | 0 | Some | main.rs:545:22:545:28 | Some(...) |
 readStep
 | file://:0:0:0:0 | [summary param] 0 in lang:alloc::_::<crate::boxed::Box>::allocator | tuple.1 | file://:0:0:0:0 | [summary] read: Argument[0].Field[1] in lang:alloc::_::<crate::boxed::Box>::allocator |
 | file://:0:0:0:0 | [summary param] 0 in lang:alloc::_::<crate::boxed::Box>::as_mut_ptr | &ref | file://:0:0:0:0 | [summary] read: Argument[0].Reference in lang:alloc::_::<crate::boxed::Box>::as_mut_ptr |
@@ -3049,3 +3067,5 @@ readStep
 | main.rs:510:19:510:24 | vs_mut | &ref | main.rs:510:19:510:24 | receiver for vs_mut |
 | main.rs:510:19:510:35 | vs_mut.iter_mut(...) | element | main.rs:510:9:510:14 | &mut ... |
 | main.rs:524:11:524:15 | c_ref | &ref | main.rs:524:10:524:15 | * ... |
+| main.rs:531:10:531:10 | a | &ref | main.rs:531:10:531:10 | receiver for a |
+| main.rs:537:10:537:10 | b | &ref | main.rs:537:10:537:10 | receiver for b |

rust/ql/test/library-tests/dataflow/local/inline-flow.expected

@@ -1,13 +1,14 @@
 models
-| 1 | Summary: lang:core; <crate::option::Option>::unwrap; Argument[self].Field[crate::option::Option::Some(0)]; ReturnValue; value |
-| 2 | Summary: lang:core; <crate::option::Option>::unwrap_or; Argument[0]; ReturnValue; value |
-| 3 | Summary: lang:core; <crate::option::Option>::unwrap_or; Argument[self].Field[crate::option::Option::Some(0)]; ReturnValue; value |
-| 4 | Summary: lang:core; <crate::option::Option>::unwrap_or_else; Argument[0].ReturnValue; ReturnValue; value |
-| 5 | Summary: lang:core; <crate::option::Option>::unwrap_or_else; Argument[self].Field[crate::option::Option::Some(0)]; ReturnValue; value |
-| 6 | Summary: lang:core; <crate::result::Result>::err; Argument[self].Field[crate::result::Result::Err(0)]; ReturnValue.Field[crate::option::Option::Some(0)]; value |
-| 7 | Summary: lang:core; <crate::result::Result>::expect; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue; value |
-| 8 | Summary: lang:core; <crate::result::Result>::expect_err; Argument[self].Field[crate::result::Result::Err(0)]; ReturnValue; value |
-| 9 | Summary: lang:core; <crate::result::Result>::ok; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue.Field[crate::option::Option::Some(0)]; value |
+| 1 | Summary: lang:core; <_ as crate::convert::From>::from; Argument[0]; ReturnValue; value |
+| 2 | Summary: lang:core; <crate::option::Option>::unwrap; Argument[self].Field[crate::option::Option::Some(0)]; ReturnValue; value |
+| 3 | Summary: lang:core; <crate::option::Option>::unwrap_or; Argument[0]; ReturnValue; value |
+| 4 | Summary: lang:core; <crate::option::Option>::unwrap_or; Argument[self].Field[crate::option::Option::Some(0)]; ReturnValue; value |
+| 5 | Summary: lang:core; <crate::option::Option>::unwrap_or_else; Argument[0].ReturnValue; ReturnValue; value |
+| 6 | Summary: lang:core; <crate::option::Option>::unwrap_or_else; Argument[self].Field[crate::option::Option::Some(0)]; ReturnValue; value |
+| 7 | Summary: lang:core; <crate::result::Result>::err; Argument[self].Field[crate::result::Result::Err(0)]; ReturnValue.Field[crate::option::Option::Some(0)]; value |
+| 8 | Summary: lang:core; <crate::result::Result>::expect; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue; value |
+| 9 | Summary: lang:core; <crate::result::Result>::expect_err; Argument[self].Field[crate::result::Result::Err(0)]; ReturnValue; value |
+| 10 | Summary: lang:core; <crate::result::Result>::ok; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue.Field[crate::option::Option::Some(0)]; value |
 edges
 | main.rs:22:9:22:9 | s | main.rs:23:10:23:10 | s | provenance |  |
 | main.rs:22:13:22:21 | source(...) | main.rs:22:9:22:9 | s | provenance |  |
@@ -94,32 +95,32 @@ edges
 | main.rs:229:11:229:12 | s1 [Some] | main.rs:230:9:230:15 | Some(...) [Some] | provenance |  |
 | main.rs:230:9:230:15 | Some(...) [Some] | main.rs:230:14:230:14 | n | provenance |  |
 | main.rs:230:14:230:14 | n | main.rs:230:25:230:25 | n | provenance |  |
-| main.rs:240:9:240:10 | s1 [Some] | main.rs:241:10:241:20 | s1.unwrap(...) | provenance | MaD:1 |
+| main.rs:240:9:240:10 | s1 [Some] | main.rs:241:10:241:20 | s1.unwrap(...) | provenance | MaD:2 |
 | main.rs:240:14:240:29 | Some(...) [Some] | main.rs:240:9:240:10 | s1 [Some] | provenance |  |
 | main.rs:240:19:240:28 | source(...) | main.rs:240:14:240:29 | Some(...) [Some] | provenance |  |
-| main.rs:245:9:245:10 | s1 [Some] | main.rs:246:10:246:24 | s1.unwrap_or(...) | provenance | MaD:3 |
+| main.rs:245:9:245:10 | s1 [Some] | main.rs:246:10:246:24 | s1.unwrap_or(...) | provenance | MaD:4 |
 | main.rs:245:14:245:29 | Some(...) [Some] | main.rs:245:9:245:10 | s1 [Some] | provenance |  |
 | main.rs:245:19:245:28 | source(...) | main.rs:245:14:245:29 | Some(...) [Some] | provenance |  |
-| main.rs:249:23:249:32 | source(...) | main.rs:249:10:249:33 | s2.unwrap_or(...) | provenance | MaD:2 |
-| main.rs:253:9:253:10 | s1 [Some] | main.rs:254:10:254:32 | s1.unwrap_or_else(...) | provenance | MaD:5 |
+| main.rs:249:23:249:32 | source(...) | main.rs:249:10:249:33 | s2.unwrap_or(...) | provenance | MaD:3 |
+| main.rs:253:9:253:10 | s1 [Some] | main.rs:254:10:254:32 | s1.unwrap_or_else(...) | provenance | MaD:6 |
 | main.rs:253:14:253:29 | Some(...) [Some] | main.rs:253:9:253:10 | s1 [Some] | provenance |  |
 | main.rs:253:19:253:28 | source(...) | main.rs:253:14:253:29 | Some(...) [Some] | provenance |  |
-| main.rs:257:31:257:40 | source(...) | main.rs:257:10:257:41 | s2.unwrap_or_else(...) | provenance | MaD:4 |
+| main.rs:257:31:257:40 | source(...) | main.rs:257:10:257:41 | s2.unwrap_or_else(...) | provenance | MaD:5 |
 | main.rs:261:9:261:10 | s1 [Some] | main.rs:263:14:263:15 | s1 [Some] | provenance |  |
 | main.rs:261:14:261:29 | Some(...) [Some] | main.rs:261:9:261:10 | s1 [Some] | provenance |  |
 | main.rs:261:19:261:28 | source(...) | main.rs:261:14:261:29 | Some(...) [Some] | provenance |  |
 | main.rs:263:9:263:10 | i1 | main.rs:264:10:264:11 | i1 | provenance |  |
 | main.rs:263:14:263:15 | s1 [Some] | main.rs:263:14:263:16 | TryExpr | provenance |  |
 | main.rs:263:14:263:16 | TryExpr | main.rs:263:9:263:10 | i1 | provenance |  |
-| main.rs:270:9:270:10 | r1 [Ok] | main.rs:271:29:271:35 | r1.ok(...) [Some] | provenance | MaD:9 |
+| main.rs:270:9:270:10 | r1 [Ok] | main.rs:271:29:271:35 | r1.ok(...) [Some] | provenance | MaD:10 |
 | main.rs:270:33:270:46 | Ok(...) [Ok] | main.rs:270:9:270:10 | r1 [Ok] | provenance |  |
 | main.rs:270:36:270:45 | source(...) | main.rs:270:33:270:46 | Ok(...) [Ok] | provenance |  |
-| main.rs:271:9:271:11 | o1a [Some] | main.rs:273:10:273:21 | o1a.unwrap(...) | provenance | MaD:1 |
+| main.rs:271:9:271:11 | o1a [Some] | main.rs:273:10:273:21 | o1a.unwrap(...) | provenance | MaD:2 |
 | main.rs:271:29:271:35 | r1.ok(...) [Some] | main.rs:271:9:271:11 | o1a [Some] | provenance |  |
-| main.rs:276:9:276:10 | r2 [Err] | main.rs:278:29:278:36 | r2.err(...) [Some] | provenance | MaD:6 |
+| main.rs:276:9:276:10 | r2 [Err] | main.rs:278:29:278:36 | r2.err(...) [Some] | provenance | MaD:7 |
 | main.rs:276:33:276:47 | Err(...) [Err] | main.rs:276:9:276:10 | r2 [Err] | provenance |  |
 | main.rs:276:37:276:46 | source(...) | main.rs:276:33:276:47 | Err(...) [Err] | provenance |  |
-| main.rs:278:9:278:11 | o2b [Some] | main.rs:280:10:280:21 | o2b.unwrap(...) | provenance | MaD:1 |
+| main.rs:278:9:278:11 | o2b [Some] | main.rs:280:10:280:21 | o2b.unwrap(...) | provenance | MaD:2 |
 | main.rs:278:29:278:36 | r2.err(...) [Some] | main.rs:278:9:278:11 | o2b [Some] | provenance |  |
 | main.rs:284:9:284:10 | s1 [Ok] | main.rs:287:14:287:15 | s1 [Ok] | provenance |  |
 | main.rs:284:32:284:45 | Ok(...) [Ok] | main.rs:284:9:284:10 | s1 [Ok] | provenance |  |
@@ -127,10 +128,10 @@ edges
 | main.rs:287:9:287:10 | i1 | main.rs:289:10:289:11 | i1 | provenance |  |
 | main.rs:287:14:287:15 | s1 [Ok] | main.rs:287:14:287:16 | TryExpr | provenance |  |
 | main.rs:287:14:287:16 | TryExpr | main.rs:287:9:287:10 | i1 | provenance |  |
-| main.rs:297:9:297:10 | s1 [Ok] | main.rs:298:10:298:22 | s1.expect(...) | provenance | MaD:7 |
+| main.rs:297:9:297:10 | s1 [Ok] | main.rs:298:10:298:22 | s1.expect(...) | provenance | MaD:8 |
 | main.rs:297:32:297:45 | Ok(...) [Ok] | main.rs:297:9:297:10 | s1 [Ok] | provenance |  |
 | main.rs:297:35:297:44 | source(...) | main.rs:297:32:297:45 | Ok(...) [Ok] | provenance |  |
-| main.rs:301:9:301:10 | s2 [Err] | main.rs:303:10:303:26 | s2.expect_err(...) | provenance | MaD:8 |
+| main.rs:301:9:301:10 | s2 [Err] | main.rs:303:10:303:26 | s2.expect_err(...) | provenance | MaD:9 |
 | main.rs:301:32:301:46 | Err(...) [Err] | main.rs:301:9:301:10 | s2 [Err] | provenance |  |
 | main.rs:301:36:301:45 | source(...) | main.rs:301:32:301:46 | Err(...) [Err] | provenance |  |
 | main.rs:312:9:312:10 | s1 [A] | main.rs:314:11:314:12 | s1 [A] | provenance |  |
@@ -230,6 +231,9 @@ edges
 | main.rs:519:17:519:18 | &c [&ref] | main.rs:519:9:519:13 | c_ref [&ref] | provenance |  |
 | main.rs:519:18:519:18 | c | main.rs:519:17:519:18 | &c [&ref] | provenance |  |
 | main.rs:524:11:524:15 | c_ref [&ref] | main.rs:524:10:524:15 | * ... | provenance |  |
+| main.rs:528:9:528:9 | a | main.rs:532:20:532:20 | a | provenance |  |
+| main.rs:528:18:528:27 | source(...) | main.rs:528:9:528:9 | a | provenance |  |
+| main.rs:532:20:532:20 | a | main.rs:532:10:532:21 | ...::from(...) | provenance | MaD:1 |
 nodes
 | main.rs:18:10:18:18 | source(...) | semmle.label | source(...) |
 | main.rs:22:9:22:9 | s | semmle.label | s |
@@ -497,6 +501,10 @@ nodes
 | main.rs:521:10:521:10 | a | semmle.label | a |
 | main.rs:524:10:524:15 | * ... | semmle.label | * ... |
 | main.rs:524:11:524:15 | c_ref [&ref] | semmle.label | c_ref [&ref] |
+| main.rs:528:9:528:9 | a | semmle.label | a |
+| main.rs:528:18:528:27 | source(...) | semmle.label | source(...) |
+| main.rs:532:10:532:21 | ...::from(...) | semmle.label | ...::from(...) |
+| main.rs:532:20:532:20 | a | semmle.label | a |
 subpaths
 testFailures
 #select
@@ -554,3 +562,4 @@ testFailures
 | main.rs:506:10:506:18 | vs_mut[0] | main.rs:504:23:504:32 | source(...) | main.rs:506:10:506:18 | vs_mut[0] | $@ | main.rs:504:23:504:32 | source(...) | source(...) |
 | main.rs:521:10:521:10 | a | main.rs:516:13:516:22 | source(...) | main.rs:521:10:521:10 | a | $@ | main.rs:516:13:516:22 | source(...) | source(...) |
 | main.rs:524:10:524:15 | * ... | main.rs:518:13:518:22 | source(...) | main.rs:524:10:524:15 | * ... | $@ | main.rs:518:13:518:22 | source(...) | source(...) |
+| main.rs:532:10:532:21 | ...::from(...) | main.rs:528:18:528:27 | source(...) | main.rs:532:10:532:21 | ...::from(...) | $@ | main.rs:528:18:528:27 | source(...) | source(...) |

rust/ql/test/library-tests/dataflow/local/main.rs

@@ -524,6 +524,20 @@ fn references() {
     sink(*c_ref); // $ hasValueFlow=42
 }
 
+fn conversions() {
+    let a: i64 = source(50);
+
+    sink(a as i64); // $ hasTaintFlow=50
+    sink(a.into()); // $ MISSING: hasValueFlow=50
+    sink(i64::from(a)); // $ hasValueFlow=50
+
+    let b: i32 = source(51) as i32;
+
+    sink(b as i64); // $ hasTaintFlow=51
+    sink(b.into()); // $ MISSING: hasTaintFlow=51
+    sink(i64::from(b)); // $ hasTaintFlow=51
+}
+
 fn main() {
     direct();
     variable_usage();
@@ -565,4 +579,5 @@ fn main() {
     parse();
     iterators();
     references();
+    conversions();
 }

rust/ql/test/library-tests/dataflow/models/main.rs

@@ -279,6 +279,15 @@ fn test_simple_sink() {
     simple_sink(s); // $ hasValueFlow=17
 }
 
+// has a source model
+fn arg_source(i: i64) {}
+
+fn test_arg_source() {
+    let i = 19;
+    arg_source(i);
+    sink(i) // $ hasValueFlow=i
+}
+
 #[tokio::main]
 async fn main() {
     test_identify();
@@ -299,5 +308,6 @@ async fn main() {
     test_simple_source();
     test_simple_sink();
     test_get_async_number().await;
+    test_arg_source();
     let dummy = Some(0); // ensure that the the `lang:core` crate is extracted
 }

rust/ql/test/library-tests/dataflow/models/models.expected

@@ -3,22 +3,23 @@ models
 | 2 | Sink: repo::test; crate::enum_sink; test-sink; Argument[0].Field[crate::MyFieldEnum::C::field_c] |
 | 3 | Sink: repo::test; crate::simple_sink; test-sink; Argument[0] |
 | 4 | Source: repo::test; <crate::MyFieldEnum>::source; test-source; ReturnValue.Field[crate::MyFieldEnum::C::field_c] |
-| 5 | Source: repo::test; crate::enum_source; test-source; ReturnValue.Field[crate::MyFieldEnum::D::field_d] |
-| 6 | Source: repo::test; crate::simple_source; test-source; ReturnValue |
-| 7 | Summary: repo::test; crate::apply; Argument[0]; Argument[1].Parameter[0]; value |
-| 8 | Summary: repo::test; crate::apply; Argument[1].ReturnValue; ReturnValue; value |
-| 9 | Summary: repo::test; crate::coerce; Argument[0]; ReturnValue; taint |
-| 10 | Summary: repo::test; crate::get_array_element; Argument[0].Element; ReturnValue; value |
-| 11 | Summary: repo::test; crate::get_async_number; Argument[0]; ReturnValue.Future; value |
-| 12 | Summary: repo::test; crate::get_struct_field; Argument[0].Field[crate::MyStruct::field1]; ReturnValue; value |
-| 13 | Summary: repo::test; crate::get_tuple_element; Argument[0].Field[0]; ReturnValue; value |
-| 14 | Summary: repo::test; crate::get_var_field; Argument[0].Field[crate::MyFieldEnum::C::field_c]; ReturnValue; value |
-| 15 | Summary: repo::test; crate::get_var_pos; Argument[0].Field[crate::MyPosEnum::A(0)]; ReturnValue; value |
-| 16 | Summary: repo::test; crate::set_array_element; Argument[0]; ReturnValue.Element; value |
-| 17 | Summary: repo::test; crate::set_struct_field; Argument[0]; ReturnValue.Field[crate::MyStruct::field2]; value |
-| 18 | Summary: repo::test; crate::set_tuple_element; Argument[0]; ReturnValue.Field[1]; value |
-| 19 | Summary: repo::test; crate::set_var_field; Argument[0]; ReturnValue.Field[crate::MyFieldEnum::D::field_d]; value |
-| 20 | Summary: repo::test; crate::set_var_pos; Argument[0]; ReturnValue.Field[crate::MyPosEnum::B(0)]; value |
+| 5 | Source: repo::test; crate::arg_source; test-source; Argument[0] |
+| 6 | Source: repo::test; crate::enum_source; test-source; ReturnValue.Field[crate::MyFieldEnum::D::field_d] |
+| 7 | Source: repo::test; crate::simple_source; test-source; ReturnValue |
+| 8 | Summary: repo::test; crate::apply; Argument[0]; Argument[1].Parameter[0]; value |
+| 9 | Summary: repo::test; crate::apply; Argument[1].ReturnValue; ReturnValue; value |
+| 10 | Summary: repo::test; crate::coerce; Argument[0]; ReturnValue; taint |
+| 11 | Summary: repo::test; crate::get_array_element; Argument[0].Element; ReturnValue; value |
+| 12 | Summary: repo::test; crate::get_async_number; Argument[0]; ReturnValue.Future; value |
+| 13 | Summary: repo::test; crate::get_struct_field; Argument[0].Field[crate::MyStruct::field1]; ReturnValue; value |
+| 14 | Summary: repo::test; crate::get_tuple_element; Argument[0].Field[0]; ReturnValue; value |
+| 15 | Summary: repo::test; crate::get_var_field; Argument[0].Field[crate::MyFieldEnum::C::field_c]; ReturnValue; value |
+| 16 | Summary: repo::test; crate::get_var_pos; Argument[0].Field[crate::MyPosEnum::A(0)]; ReturnValue; value |
+| 17 | Summary: repo::test; crate::set_array_element; Argument[0]; ReturnValue.Element; value |
+| 18 | Summary: repo::test; crate::set_struct_field; Argument[0]; ReturnValue.Field[crate::MyStruct::field2]; value |
+| 19 | Summary: repo::test; crate::set_tuple_element; Argument[0]; ReturnValue.Field[1]; value |
+| 20 | Summary: repo::test; crate::set_var_field; Argument[0]; ReturnValue.Field[crate::MyFieldEnum::D::field_d]; value |
+| 21 | Summary: repo::test; crate::set_var_pos; Argument[0]; ReturnValue.Field[crate::MyPosEnum::B(0)]; value |
 edges
 | main.rs:15:9:15:9 | s | main.rs:16:19:16:19 | s | provenance |  |
 | main.rs:15:9:15:9 | s | main.rs:16:19:16:19 | s | provenance |  |
@@ -28,7 +29,7 @@ edges
 | main.rs:16:19:16:19 | s | main.rs:16:10:16:20 | identity(...) | provenance | QL |
 | main.rs:25:9:25:9 | s | main.rs:26:17:26:17 | s | provenance |  |
 | main.rs:25:13:25:22 | source(...) | main.rs:25:9:25:9 | s | provenance |  |
-| main.rs:26:17:26:17 | s | main.rs:26:10:26:18 | coerce(...) | provenance | MaD:9 |
+| main.rs:26:17:26:17 | s | main.rs:26:10:26:18 | coerce(...) | provenance | MaD:10 |
 | main.rs:40:9:40:9 | s | main.rs:41:27:41:27 | s | provenance |  |
 | main.rs:40:9:40:9 | s | main.rs:41:27:41:27 | s | provenance |  |
 | main.rs:40:13:40:21 | source(...) | main.rs:40:9:40:9 | s | provenance |  |
@@ -39,8 +40,8 @@ edges
 | main.rs:41:14:41:28 | ...::A(...) [A] | main.rs:41:9:41:10 | e1 [A] | provenance |  |
 | main.rs:41:27:41:27 | s | main.rs:41:14:41:28 | ...::A(...) [A] | provenance |  |
 | main.rs:41:27:41:27 | s | main.rs:41:14:41:28 | ...::A(...) [A] | provenance |  |
-| main.rs:42:22:42:23 | e1 [A] | main.rs:42:10:42:24 | get_var_pos(...) | provenance | MaD:15 |
-| main.rs:42:22:42:23 | e1 [A] | main.rs:42:10:42:24 | get_var_pos(...) | provenance | MaD:15 |
+| main.rs:42:22:42:23 | e1 [A] | main.rs:42:10:42:24 | get_var_pos(...) | provenance | MaD:16 |
+| main.rs:42:22:42:23 | e1 [A] | main.rs:42:10:42:24 | get_var_pos(...) | provenance | MaD:16 |
 | main.rs:53:9:53:9 | s | main.rs:54:26:54:26 | s | provenance |  |
 | main.rs:53:9:53:9 | s | main.rs:54:26:54:26 | s | provenance |  |
 | main.rs:53:13:53:21 | source(...) | main.rs:53:9:53:9 | s | provenance |  |
@@ -49,8 +50,8 @@ edges
 | main.rs:54:9:54:10 | e1 [B] | main.rs:55:11:55:12 | e1 [B] | provenance |  |
 | main.rs:54:14:54:27 | set_var_pos(...) [B] | main.rs:54:9:54:10 | e1 [B] | provenance |  |
 | main.rs:54:14:54:27 | set_var_pos(...) [B] | main.rs:54:9:54:10 | e1 [B] | provenance |  |
-| main.rs:54:26:54:26 | s | main.rs:54:14:54:27 | set_var_pos(...) [B] | provenance | MaD:20 |
-| main.rs:54:26:54:26 | s | main.rs:54:14:54:27 | set_var_pos(...) [B] | provenance | MaD:20 |
+| main.rs:54:26:54:26 | s | main.rs:54:14:54:27 | set_var_pos(...) [B] | provenance | MaD:21 |
+| main.rs:54:26:54:26 | s | main.rs:54:14:54:27 | set_var_pos(...) [B] | provenance | MaD:21 |
 | main.rs:55:11:55:12 | e1 [B] | main.rs:57:9:57:23 | ...::B(...) [B] | provenance |  |
 | main.rs:55:11:55:12 | e1 [B] | main.rs:57:9:57:23 | ...::B(...) [B] | provenance |  |
 | main.rs:57:9:57:23 | ...::B(...) [B] | main.rs:57:22:57:22 | i | provenance |  |
@@ -67,8 +68,8 @@ edges
 | main.rs:73:14:73:42 | ...::C {...} [C] | main.rs:73:9:73:10 | e1 [C] | provenance |  |
 | main.rs:73:40:73:40 | s | main.rs:73:14:73:42 | ...::C {...} [C] | provenance |  |
 | main.rs:73:40:73:40 | s | main.rs:73:14:73:42 | ...::C {...} [C] | provenance |  |
-| main.rs:74:24:74:25 | e1 [C] | main.rs:74:10:74:26 | get_var_field(...) | provenance | MaD:14 |
-| main.rs:74:24:74:25 | e1 [C] | main.rs:74:10:74:26 | get_var_field(...) | provenance | MaD:14 |
+| main.rs:74:24:74:25 | e1 [C] | main.rs:74:10:74:26 | get_var_field(...) | provenance | MaD:15 |
+| main.rs:74:24:74:25 | e1 [C] | main.rs:74:10:74:26 | get_var_field(...) | provenance | MaD:15 |
 | main.rs:85:9:85:9 | s | main.rs:86:28:86:28 | s | provenance |  |
 | main.rs:85:9:85:9 | s | main.rs:86:28:86:28 | s | provenance |  |
 | main.rs:85:13:85:21 | source(...) | main.rs:85:9:85:9 | s | provenance |  |
@@ -77,8 +78,8 @@ edges
 | main.rs:86:9:86:10 | e1 [D] | main.rs:87:11:87:12 | e1 [D] | provenance |  |
 | main.rs:86:14:86:29 | set_var_field(...) [D] | main.rs:86:9:86:10 | e1 [D] | provenance |  |
 | main.rs:86:14:86:29 | set_var_field(...) [D] | main.rs:86:9:86:10 | e1 [D] | provenance |  |
-| main.rs:86:28:86:28 | s | main.rs:86:14:86:29 | set_var_field(...) [D] | provenance | MaD:19 |
-| main.rs:86:28:86:28 | s | main.rs:86:14:86:29 | set_var_field(...) [D] | provenance | MaD:19 |
+| main.rs:86:28:86:28 | s | main.rs:86:14:86:29 | set_var_field(...) [D] | provenance | MaD:20 |
+| main.rs:86:28:86:28 | s | main.rs:86:14:86:29 | set_var_field(...) [D] | provenance | MaD:20 |
 | main.rs:87:11:87:12 | e1 [D] | main.rs:89:9:89:37 | ...::D {...} [D] | provenance |  |
 | main.rs:87:11:87:12 | e1 [D] | main.rs:89:9:89:37 | ...::D {...} [D] | provenance |  |
 | main.rs:89:9:89:37 | ...::D {...} [D] | main.rs:89:35:89:35 | i | provenance |  |
@@ -95,8 +96,8 @@ edges
 | main.rs:105:21:108:5 | MyStruct {...} [MyStruct.field1] | main.rs:105:9:105:17 | my_struct [MyStruct.field1] | provenance |  |
 | main.rs:106:17:106:17 | s | main.rs:105:21:108:5 | MyStruct {...} [MyStruct.field1] | provenance |  |
 | main.rs:106:17:106:17 | s | main.rs:105:21:108:5 | MyStruct {...} [MyStruct.field1] | provenance |  |
-| main.rs:109:27:109:35 | my_struct [MyStruct.field1] | main.rs:109:10:109:36 | get_struct_field(...) | provenance | MaD:12 |
-| main.rs:109:27:109:35 | my_struct [MyStruct.field1] | main.rs:109:10:109:36 | get_struct_field(...) | provenance | MaD:12 |
+| main.rs:109:27:109:35 | my_struct [MyStruct.field1] | main.rs:109:10:109:36 | get_struct_field(...) | provenance | MaD:13 |
+| main.rs:109:27:109:35 | my_struct [MyStruct.field1] | main.rs:109:10:109:36 | get_struct_field(...) | provenance | MaD:13 |
 | main.rs:126:9:126:9 | s | main.rs:127:38:127:38 | s | provenance |  |
 | main.rs:126:9:126:9 | s | main.rs:127:38:127:38 | s | provenance |  |
 | main.rs:126:13:126:21 | source(...) | main.rs:126:9:126:9 | s | provenance |  |
@@ -105,16 +106,16 @@ edges
 | main.rs:127:9:127:17 | my_struct [MyStruct.field2] | main.rs:129:10:129:18 | my_struct [MyStruct.field2] | provenance |  |
 | main.rs:127:21:127:39 | set_struct_field(...) [MyStruct.field2] | main.rs:127:9:127:17 | my_struct [MyStruct.field2] | provenance |  |
 | main.rs:127:21:127:39 | set_struct_field(...) [MyStruct.field2] | main.rs:127:9:127:17 | my_struct [MyStruct.field2] | provenance |  |
-| main.rs:127:38:127:38 | s | main.rs:127:21:127:39 | set_struct_field(...) [MyStruct.field2] | provenance | MaD:17 |
-| main.rs:127:38:127:38 | s | main.rs:127:21:127:39 | set_struct_field(...) [MyStruct.field2] | provenance | MaD:17 |
+| main.rs:127:38:127:38 | s | main.rs:127:21:127:39 | set_struct_field(...) [MyStruct.field2] | provenance | MaD:18 |
+| main.rs:127:38:127:38 | s | main.rs:127:21:127:39 | set_struct_field(...) [MyStruct.field2] | provenance | MaD:18 |
 | main.rs:129:10:129:18 | my_struct [MyStruct.field2] | main.rs:129:10:129:25 | my_struct.field2 | provenance |  |
 | main.rs:129:10:129:18 | my_struct [MyStruct.field2] | main.rs:129:10:129:25 | my_struct.field2 | provenance |  |
 | main.rs:138:9:138:9 | s | main.rs:139:29:139:29 | s | provenance |  |
 | main.rs:138:9:138:9 | s | main.rs:139:29:139:29 | s | provenance |  |
 | main.rs:138:13:138:21 | source(...) | main.rs:138:9:138:9 | s | provenance |  |
 | main.rs:138:13:138:21 | source(...) | main.rs:138:9:138:9 | s | provenance |  |
-| main.rs:139:28:139:30 | [...] [element] | main.rs:139:10:139:31 | get_array_element(...) | provenance | MaD:10 |
-| main.rs:139:28:139:30 | [...] [element] | main.rs:139:10:139:31 | get_array_element(...) | provenance | MaD:10 |
+| main.rs:139:28:139:30 | [...] [element] | main.rs:139:10:139:31 | get_array_element(...) | provenance | MaD:11 |
+| main.rs:139:28:139:30 | [...] [element] | main.rs:139:10:139:31 | get_array_element(...) | provenance | MaD:11 |
 | main.rs:139:29:139:29 | s | main.rs:139:28:139:30 | [...] [element] | provenance |  |
 | main.rs:139:29:139:29 | s | main.rs:139:28:139:30 | [...] [element] | provenance |  |
 | main.rs:148:9:148:9 | s | main.rs:149:33:149:33 | s | provenance |  |
@@ -125,8 +126,8 @@ edges
 | main.rs:149:9:149:11 | arr [element] | main.rs:150:10:150:12 | arr [element] | provenance |  |
 | main.rs:149:15:149:34 | set_array_element(...) [element] | main.rs:149:9:149:11 | arr [element] | provenance |  |
 | main.rs:149:15:149:34 | set_array_element(...) [element] | main.rs:149:9:149:11 | arr [element] | provenance |  |
-| main.rs:149:33:149:33 | s | main.rs:149:15:149:34 | set_array_element(...) [element] | provenance | MaD:16 |
-| main.rs:149:33:149:33 | s | main.rs:149:15:149:34 | set_array_element(...) [element] | provenance | MaD:16 |
+| main.rs:149:33:149:33 | s | main.rs:149:15:149:34 | set_array_element(...) [element] | provenance | MaD:17 |
+| main.rs:149:33:149:33 | s | main.rs:149:15:149:34 | set_array_element(...) [element] | provenance | MaD:17 |
 | main.rs:150:10:150:12 | arr [element] | main.rs:150:10:150:15 | arr[0] | provenance |  |
 | main.rs:150:10:150:12 | arr [element] | main.rs:150:10:150:15 | arr[0] | provenance |  |
 | main.rs:159:9:159:9 | s | main.rs:160:14:160:14 | s | provenance |  |
@@ -139,8 +140,8 @@ edges
 | main.rs:160:13:160:18 | TupleExpr [tuple.0] | main.rs:160:9:160:9 | t [tuple.0] | provenance |  |
 | main.rs:160:14:160:14 | s | main.rs:160:13:160:18 | TupleExpr [tuple.0] | provenance |  |
 | main.rs:160:14:160:14 | s | main.rs:160:13:160:18 | TupleExpr [tuple.0] | provenance |  |
-| main.rs:161:28:161:28 | t [tuple.0] | main.rs:161:10:161:29 | get_tuple_element(...) | provenance | MaD:13 |
-| main.rs:161:28:161:28 | t [tuple.0] | main.rs:161:10:161:29 | get_tuple_element(...) | provenance | MaD:13 |
+| main.rs:161:28:161:28 | t [tuple.0] | main.rs:161:10:161:29 | get_tuple_element(...) | provenance | MaD:14 |
+| main.rs:161:28:161:28 | t [tuple.0] | main.rs:161:10:161:29 | get_tuple_element(...) | provenance | MaD:14 |
 | main.rs:172:9:172:9 | s | main.rs:173:31:173:31 | s | provenance |  |
 | main.rs:172:9:172:9 | s | main.rs:173:31:173:31 | s | provenance |  |
 | main.rs:172:13:172:22 | source(...) | main.rs:172:9:172:9 | s | provenance |  |
@@ -149,8 +150,8 @@ edges
 | main.rs:173:9:173:9 | t [tuple.1] | main.rs:175:10:175:10 | t [tuple.1] | provenance |  |
 | main.rs:173:13:173:32 | set_tuple_element(...) [tuple.1] | main.rs:173:9:173:9 | t [tuple.1] | provenance |  |
 | main.rs:173:13:173:32 | set_tuple_element(...) [tuple.1] | main.rs:173:9:173:9 | t [tuple.1] | provenance |  |
-| main.rs:173:31:173:31 | s | main.rs:173:13:173:32 | set_tuple_element(...) [tuple.1] | provenance | MaD:18 |
-| main.rs:173:31:173:31 | s | main.rs:173:13:173:32 | set_tuple_element(...) [tuple.1] | provenance | MaD:18 |
+| main.rs:173:31:173:31 | s | main.rs:173:13:173:32 | set_tuple_element(...) [tuple.1] | provenance | MaD:19 |
+| main.rs:173:31:173:31 | s | main.rs:173:13:173:32 | set_tuple_element(...) [tuple.1] | provenance | MaD:19 |
 | main.rs:175:10:175:10 | t [tuple.1] | main.rs:175:10:175:12 | t.1 | provenance |  |
 | main.rs:175:10:175:10 | t [tuple.1] | main.rs:175:10:175:12 | t.1 | provenance |  |
 | main.rs:184:9:184:9 | s | main.rs:189:11:189:11 | s | provenance |  |
@@ -159,8 +160,8 @@ edges
 | main.rs:184:13:184:22 | source(...) | main.rs:184:9:184:9 | s | provenance |  |
 | main.rs:185:14:185:14 | ... | main.rs:186:14:186:14 | n | provenance |  |
 | main.rs:185:14:185:14 | ... | main.rs:186:14:186:14 | n | provenance |  |
-| main.rs:189:11:189:11 | s | main.rs:185:14:185:14 | ... | provenance | MaD:7 |
-| main.rs:189:11:189:11 | s | main.rs:185:14:185:14 | ... | provenance | MaD:7 |
+| main.rs:189:11:189:11 | s | main.rs:185:14:185:14 | ... | provenance | MaD:8 |
+| main.rs:189:11:189:11 | s | main.rs:185:14:185:14 | ... | provenance | MaD:8 |
 | main.rs:193:13:193:22 | source(...) | main.rs:195:23:195:23 | f [captured s] | provenance |  |
 | main.rs:193:13:193:22 | source(...) | main.rs:195:23:195:23 | f [captured s] | provenance |  |
 | main.rs:194:40:194:40 | s | main.rs:194:17:194:42 | if ... {...} else {...} | provenance |  |
@@ -169,14 +170,14 @@ edges
 | main.rs:195:9:195:9 | t | main.rs:196:10:196:10 | t | provenance |  |
 | main.rs:195:13:195:24 | apply(...) | main.rs:195:9:195:9 | t | provenance |  |
 | main.rs:195:13:195:24 | apply(...) | main.rs:195:9:195:9 | t | provenance |  |
-| main.rs:195:23:195:23 | f [captured s] | main.rs:194:40:194:40 | s | provenance | MaD:7 |
-| main.rs:195:23:195:23 | f [captured s] | main.rs:194:40:194:40 | s | provenance | MaD:7 |
 | main.rs:195:23:195:23 | f [captured s] | main.rs:194:40:194:40 | s | provenance | MaD:8 |
 | main.rs:195:23:195:23 | f [captured s] | main.rs:194:40:194:40 | s | provenance | MaD:8 |
-| main.rs:195:23:195:23 | f [captured s] | main.rs:195:13:195:24 | apply(...) | provenance | MaD:7 |
-| main.rs:195:23:195:23 | f [captured s] | main.rs:195:13:195:24 | apply(...) | provenance | MaD:7 |
+| main.rs:195:23:195:23 | f [captured s] | main.rs:194:40:194:40 | s | provenance | MaD:9 |
+| main.rs:195:23:195:23 | f [captured s] | main.rs:194:40:194:40 | s | provenance | MaD:9 |
 | main.rs:195:23:195:23 | f [captured s] | main.rs:195:13:195:24 | apply(...) | provenance | MaD:8 |
 | main.rs:195:23:195:23 | f [captured s] | main.rs:195:13:195:24 | apply(...) | provenance | MaD:8 |
+| main.rs:195:23:195:23 | f [captured s] | main.rs:195:13:195:24 | apply(...) | provenance | MaD:9 |
+| main.rs:195:23:195:23 | f [captured s] | main.rs:195:13:195:24 | apply(...) | provenance | MaD:9 |
 | main.rs:200:9:200:9 | s | main.rs:202:19:202:19 | s | provenance |  |
 | main.rs:200:9:200:9 | s | main.rs:202:19:202:19 | s | provenance |  |
 | main.rs:200:13:200:22 | source(...) | main.rs:200:9:200:9 | s | provenance |  |
@@ -187,10 +188,10 @@ edges
 | main.rs:202:9:202:9 | t | main.rs:203:10:203:10 | t | provenance |  |
 | main.rs:202:13:202:23 | apply(...) | main.rs:202:9:202:9 | t | provenance |  |
 | main.rs:202:13:202:23 | apply(...) | main.rs:202:9:202:9 | t | provenance |  |
-| main.rs:202:19:202:19 | s | main.rs:201:14:201:14 | ... | provenance | MaD:7 |
-| main.rs:202:19:202:19 | s | main.rs:201:14:201:14 | ... | provenance | MaD:7 |
-| main.rs:202:19:202:19 | s | main.rs:202:13:202:23 | apply(...) | provenance | MaD:7 |
-| main.rs:202:19:202:19 | s | main.rs:202:13:202:23 | apply(...) | provenance | MaD:7 |
+| main.rs:202:19:202:19 | s | main.rs:201:14:201:14 | ... | provenance | MaD:8 |
+| main.rs:202:19:202:19 | s | main.rs:201:14:201:14 | ... | provenance | MaD:8 |
+| main.rs:202:19:202:19 | s | main.rs:202:13:202:23 | apply(...) | provenance | MaD:8 |
+| main.rs:202:19:202:19 | s | main.rs:202:13:202:23 | apply(...) | provenance | MaD:8 |
 | main.rs:212:9:212:9 | s | main.rs:213:30:213:30 | s | provenance |  |
 | main.rs:212:9:212:9 | s | main.rs:213:30:213:30 | s | provenance |  |
 | main.rs:212:13:212:22 | source(...) | main.rs:212:9:212:9 | s | provenance |  |
@@ -201,12 +202,12 @@ edges
 | main.rs:213:13:213:31 | get_async_number(...) [future] | main.rs:213:13:213:37 | await ... | provenance |  |
 | main.rs:213:13:213:37 | await ... | main.rs:213:9:213:9 | t | provenance |  |
 | main.rs:213:13:213:37 | await ... | main.rs:213:9:213:9 | t | provenance |  |
-| main.rs:213:30:213:30 | s | main.rs:213:13:213:31 | get_async_number(...) [future] | provenance | MaD:11 |
-| main.rs:213:30:213:30 | s | main.rs:213:13:213:31 | get_async_number(...) [future] | provenance | MaD:11 |
+| main.rs:213:30:213:30 | s | main.rs:213:13:213:31 | get_async_number(...) [future] | provenance | MaD:12 |
+| main.rs:213:30:213:30 | s | main.rs:213:13:213:31 | get_async_number(...) [future] | provenance | MaD:12 |
 | main.rs:233:9:233:9 | s [D] | main.rs:234:11:234:11 | s [D] | provenance |  |
 | main.rs:233:9:233:9 | s [D] | main.rs:234:11:234:11 | s [D] | provenance |  |
-| main.rs:233:13:233:23 | enum_source | main.rs:233:13:233:27 | enum_source(...) [D] | provenance | Src:MaD:5  |
-| main.rs:233:13:233:23 | enum_source | main.rs:233:13:233:27 | enum_source(...) [D] | provenance | Src:MaD:5  |
+| main.rs:233:13:233:23 | enum_source | main.rs:233:13:233:27 | enum_source(...) [D] | provenance | Src:MaD:6  |
+| main.rs:233:13:233:23 | enum_source | main.rs:233:13:233:27 | enum_source(...) [D] | provenance | Src:MaD:6  |
 | main.rs:233:13:233:27 | enum_source(...) [D] | main.rs:233:9:233:9 | s [D] | provenance |  |
 | main.rs:233:13:233:27 | enum_source(...) [D] | main.rs:233:9:233:9 | s [D] | provenance |  |
 | main.rs:234:11:234:11 | s [D] | main.rs:236:9:236:37 | ...::D {...} [D] | provenance |  |
@@ -249,8 +250,8 @@ edges
 | main.rs:261:5:261:5 | e [D] | main.rs:261:7:261:10 | sink | provenance | MaD:1 Sink:MaD:1 |
 | main.rs:270:9:270:9 | s | main.rs:271:10:271:10 | s | provenance |  |
 | main.rs:270:9:270:9 | s | main.rs:271:10:271:10 | s | provenance |  |
-| main.rs:270:13:270:25 | simple_source | main.rs:270:13:270:29 | simple_source(...) | provenance | Src:MaD:6 MaD:6 |
-| main.rs:270:13:270:25 | simple_source | main.rs:270:13:270:29 | simple_source(...) | provenance | Src:MaD:6 MaD:6 |
+| main.rs:270:13:270:25 | simple_source | main.rs:270:13:270:29 | simple_source(...) | provenance | Src:MaD:7 MaD:7 |
+| main.rs:270:13:270:25 | simple_source | main.rs:270:13:270:29 | simple_source(...) | provenance | Src:MaD:7 MaD:7 |
 | main.rs:270:13:270:29 | simple_source(...) | main.rs:270:9:270:9 | s | provenance |  |
 | main.rs:270:13:270:29 | simple_source(...) | main.rs:270:9:270:9 | s | provenance |  |
 | main.rs:278:9:278:9 | s | main.rs:279:17:279:17 | s | provenance |  |
@@ -259,6 +260,10 @@ edges
 | main.rs:278:13:278:22 | source(...) | main.rs:278:9:278:9 | s | provenance |  |
 | main.rs:279:17:279:17 | s | main.rs:279:5:279:15 | simple_sink | provenance | MaD:3 Sink:MaD:3 |
 | main.rs:279:17:279:17 | s | main.rs:279:5:279:15 | simple_sink | provenance | MaD:3 Sink:MaD:3 |
+| main.rs:287:5:287:14 | arg_source | main.rs:287:16:287:16 | [post] i | provenance | Src:MaD:5 MaD:5 |
+| main.rs:287:5:287:14 | arg_source | main.rs:287:16:287:16 | [post] i | provenance | Src:MaD:5 MaD:5 |
+| main.rs:287:16:287:16 | [post] i | main.rs:288:10:288:10 | i | provenance |  |
+| main.rs:287:16:287:16 | [post] i | main.rs:288:10:288:10 | i | provenance |  |
 nodes
 | main.rs:15:9:15:9 | s | semmle.label | s |
 | main.rs:15:9:15:9 | s | semmle.label | s |
@@ -538,6 +543,12 @@ nodes
 | main.rs:279:5:279:15 | simple_sink | semmle.label | simple_sink |
 | main.rs:279:17:279:17 | s | semmle.label | s |
 | main.rs:279:17:279:17 | s | semmle.label | s |
+| main.rs:287:5:287:14 | arg_source | semmle.label | arg_source |
+| main.rs:287:5:287:14 | arg_source | semmle.label | arg_source |
+| main.rs:287:16:287:16 | [post] i | semmle.label | [post] i |
+| main.rs:287:16:287:16 | [post] i | semmle.label | [post] i |
+| main.rs:288:10:288:10 | i | semmle.label | i |
+| main.rs:288:10:288:10 | i | semmle.label | i |
 subpaths
 | main.rs:195:23:195:23 | f [captured s] | main.rs:194:40:194:40 | s | main.rs:194:17:194:42 | if ... {...} else {...} | main.rs:195:13:195:24 | apply(...) |
 | main.rs:195:23:195:23 | f [captured s] | main.rs:194:40:194:40 | s | main.rs:194:17:194:42 | if ... {...} else {...} | main.rs:195:13:195:24 | apply(...) |
@@ -589,3 +600,5 @@ invalidSpecComponent
 | main.rs:271:10:271:10 | s | main.rs:270:13:270:25 | simple_source | main.rs:271:10:271:10 | s | $@ | main.rs:270:13:270:25 | simple_source | simple_source |
 | main.rs:279:5:279:15 | simple_sink | main.rs:278:13:278:22 | source(...) | main.rs:279:5:279:15 | simple_sink | $@ | main.rs:278:13:278:22 | source(...) | source(...) |
 | main.rs:279:5:279:15 | simple_sink | main.rs:278:13:278:22 | source(...) | main.rs:279:5:279:15 | simple_sink | $@ | main.rs:278:13:278:22 | source(...) | source(...) |
+| main.rs:288:10:288:10 | i | main.rs:287:5:287:14 | arg_source | main.rs:288:10:288:10 | i | $@ | main.rs:287:5:287:14 | arg_source | arg_source |
+| main.rs:288:10:288:10 | i | main.rs:287:5:287:14 | arg_source | main.rs:288:10:288:10 | i | $@ | main.rs:287:5:287:14 | arg_source | arg_source |

rust/ql/test/library-tests/dataflow/models/models.ext.yml

@@ -6,6 +6,7 @@ extensions:
       - ["repo::test", "crate::simple_source", "ReturnValue", "test-source", "manual"]
       - ["repo::test", "crate::enum_source", "ReturnValue.Field[crate::MyFieldEnum::D::field_d]", "test-source", "manual"]
       - ["repo::test", "<crate::MyFieldEnum>::source", "ReturnValue.Field[crate::MyFieldEnum::C::field_c]", "test-source", "manual"]
+      - ["repo::test", "crate::arg_source", "Argument[0]", "test-source", "manual"]
   - addsTo:
       pack: codeql/rust-all
       extensible: sinkModel

rust/ql/test/library-tests/path-resolution/main.rs

@@ -495,4 +495,7 @@ fn main() {
     m15::f(); // $ item=I75
     m16::f(); // $ item=I83
     m17::f(); // $ item=I99
+    nested6::f(); // $ item=I116
+    nested8::f(); // $ item=I119
+    my3::f(); // $ item=I200
 }

rust/ql/test/library-tests/path-resolution/my2/mod.rs

@@ -1,6 +1,12 @@
 pub mod nested2; // I8
 
 fn g() {
-    println!("mod.rs::g");
+    println!("my2/mod.rs::g");
     nested2::nested3::nested4::f(); // $ item=I12
 } // I9
+
+pub use nested2::nested5::*; // $ item=I114
+
+pub use nested2::nested7::nested8::{self}; // $ item=I118
+
+pub mod my3;

rust/ql/test/library-tests/path-resolution/my2/my3/mod.rs

@@ -0,0 +1,8 @@
+pub fn f() {
+    println!("my2/my3/mod.rs::f");
+    g(); // $ item=I9
+    h(); // $ item=I25
+} // I200
+
+use super::super::h; // $ item=I25
+use super::g; // $ item=I9

rust/ql/test/library-tests/path-resolution/my2/nested2.rs

@@ -9,3 +9,19 @@ pub mod nested3 {
         } // I13
     } // I11
 } // I10
+
+pub mod nested5 {
+    pub mod nested6 {
+        pub fn f() {
+            println!("nested2.rs::nested5::nested6::f");
+        } // I116
+    } // I115
+} // I114
+
+pub mod nested7 {
+    pub mod nested8 {
+        pub fn f() {
+            println!("nested2.rs::nested7::nested8::f");
+        } // I119
+    } // I118
+} // I117

rust/ql/test/library-tests/path-resolution/path-resolution.expected

@@ -22,8 +22,13 @@ mod
 | main.rs:350:1:442:1 | mod m16 |
 | main.rs:444:1:474:1 | mod m17 |
 | my2/mod.rs:1:1:1:16 | mod nested2 |
+| my2/mod.rs:12:1:12:12 | mod my3 |
 | my2/nested2.rs:1:1:11:1 | mod nested3 |
 | my2/nested2.rs:2:5:10:5 | mod nested4 |
+| my2/nested2.rs:13:1:19:1 | mod nested5 |
+| my2/nested2.rs:14:5:18:5 | mod nested6 |
+| my2/nested2.rs:21:1:27:1 | mod nested7 |
+| my2/nested2.rs:22:5:26:5 | mod nested8 |
 | my.rs:1:1:1:15 | mod nested |
 | my/nested.rs:1:1:17:1 | mod nested1 |
 | my/nested.rs:2:5:11:5 | mod nested2 |
@@ -46,7 +51,7 @@ resolvePath
 | main.rs:30:17:30:21 | super | main.rs:18:5:36:5 | mod m2 |
 | main.rs:30:17:30:24 | ...::f | main.rs:19:9:21:9 | fn f |
 | main.rs:33:17:33:17 | f | main.rs:19:9:21:9 | fn f |
-| main.rs:40:9:40:13 | super | main.rs:1:1:498:2 | SourceFile |
+| main.rs:40:9:40:13 | super | main.rs:1:1:501:2 | SourceFile |
 | main.rs:40:9:40:17 | ...::m1 | main.rs:13:1:37:1 | mod m1 |
 | main.rs:40:9:40:21 | ...::m2 | main.rs:18:5:36:5 | mod m2 |
 | main.rs:40:9:40:24 | ...::g | main.rs:23:9:27:9 | fn g |
@@ -58,7 +63,7 @@ resolvePath
 | main.rs:61:17:61:19 | Foo | main.rs:59:9:59:21 | struct Foo |
 | main.rs:64:13:64:15 | Foo | main.rs:53:5:53:17 | struct Foo |
 | main.rs:66:5:66:5 | f | main.rs:55:5:62:5 | fn f |
-| main.rs:68:5:68:8 | self | main.rs:1:1:498:2 | SourceFile |
+| main.rs:68:5:68:8 | self | main.rs:1:1:501:2 | SourceFile |
 | main.rs:68:5:68:11 | ...::i | main.rs:71:1:83:1 | fn i |
 | main.rs:74:13:74:15 | Foo | main.rs:48:1:48:13 | struct Foo |
 | main.rs:81:17:81:19 | Foo | main.rs:77:9:79:9 | struct Foo |
@@ -72,7 +77,7 @@ resolvePath
 | main.rs:87:57:87:66 | ...::g | my2/nested2.rs:7:9:9:9 | fn g |
 | main.rs:87:80:87:86 | nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 |
 | main.rs:100:5:100:22 | f_defined_in_macro | main.rs:99:18:99:42 | fn f_defined_in_macro |
-| main.rs:117:13:117:17 | super | main.rs:1:1:498:2 | SourceFile |
+| main.rs:117:13:117:17 | super | main.rs:1:1:501:2 | SourceFile |
 | main.rs:117:13:117:21 | ...::m5 | main.rs:103:1:107:1 | mod m5 |
 | main.rs:118:9:118:9 | f | main.rs:104:5:106:5 | fn f |
 | main.rs:118:9:118:9 | f | main.rs:110:5:112:5 | fn f |
@@ -127,7 +132,7 @@ resolvePath
 | main.rs:274:16:274:16 | T | main.rs:268:7:268:7 | T |
 | main.rs:275:14:275:17 | Self | main.rs:266:5:276:5 | trait MyParamTrait |
 | main.rs:275:14:275:33 | ...::AssociatedType | main.rs:270:9:270:28 | TypeAlias |
-| main.rs:284:13:284:17 | crate | main.rs:1:1:498:2 | SourceFile |
+| main.rs:284:13:284:17 | crate | main.rs:0:0:0:0 | Crate(main@0.0.1) |
 | main.rs:284:13:284:22 | ...::m13 | main.rs:279:1:292:1 | mod m13 |
 | main.rs:284:13:284:25 | ...::f | main.rs:280:5:280:17 | fn f |
 | main.rs:284:13:284:25 | ...::f | main.rs:280:19:281:19 | struct f |
@@ -218,7 +223,7 @@ resolvePath
 | main.rs:479:5:479:32 | ...::f | my2/nested2.rs:3:9:5:9 | fn f |
 | main.rs:480:5:480:5 | f | my2/nested2.rs:3:9:5:9 | fn f |
 | main.rs:481:5:481:5 | g | my2/nested2.rs:7:9:9:9 | fn g |
-| main.rs:482:5:482:9 | crate | main.rs:1:1:498:2 | SourceFile |
+| main.rs:482:5:482:9 | crate | main.rs:0:0:0:0 | Crate(main@0.0.1) |
 | main.rs:482:5:482:12 | ...::h | main.rs:50:1:69:1 | fn h |
 | main.rs:483:5:483:6 | m1 | main.rs:13:1:37:1 | mod m1 |
 | main.rs:483:5:483:10 | ...::m2 | main.rs:18:5:36:5 | mod m2 |
@@ -249,10 +254,29 @@ resolvePath
 | main.rs:496:5:496:10 | ...::f | main.rs:417:5:441:5 | fn f |
 | main.rs:497:5:497:7 | m17 | main.rs:444:1:474:1 | mod m17 |
 | main.rs:497:5:497:10 | ...::f | main.rs:468:5:473:5 | fn f |
+| main.rs:498:5:498:11 | nested6 | my2/nested2.rs:14:5:18:5 | mod nested6 |
+| main.rs:498:5:498:14 | ...::f | my2/nested2.rs:15:9:17:9 | fn f |
+| main.rs:499:5:499:11 | nested8 | my2/nested2.rs:22:5:26:5 | mod nested8 |
+| main.rs:499:5:499:14 | ...::f | my2/nested2.rs:23:9:25:9 | fn f |
+| main.rs:500:5:500:7 | my3 | my2/mod.rs:12:1:12:12 | mod my3 |
+| main.rs:500:5:500:10 | ...::f | my2/my3/mod.rs:1:1:5:1 | fn f |
 | my2/mod.rs:5:5:5:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 |
 | my2/mod.rs:5:5:5:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 |
 | my2/mod.rs:5:5:5:29 | ...::nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 |
 | my2/mod.rs:5:5:5:32 | ...::f | my2/nested2.rs:3:9:5:9 | fn f |
+| my2/mod.rs:8:9:8:15 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 |
+| my2/mod.rs:8:9:8:24 | ...::nested5 | my2/nested2.rs:13:1:19:1 | mod nested5 |
+| my2/mod.rs:10:9:10:15 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 |
+| my2/mod.rs:10:9:10:24 | ...::nested7 | my2/nested2.rs:21:1:27:1 | mod nested7 |
+| my2/mod.rs:10:9:10:33 | ...::nested8 | my2/nested2.rs:22:5:26:5 | mod nested8 |
+| my2/mod.rs:10:37:10:40 | self | my2/nested2.rs:22:5:26:5 | mod nested8 |
+| my2/my3/mod.rs:3:5:3:5 | g | my2/mod.rs:3:1:6:1 | fn g |
+| my2/my3/mod.rs:4:5:4:5 | h | main.rs:50:1:69:1 | fn h |
+| my2/my3/mod.rs:7:5:7:9 | super | my2/mod.rs:1:1:12:13 | SourceFile |
+| my2/my3/mod.rs:7:5:7:16 | ...::super | main.rs:1:1:501:2 | SourceFile |
+| my2/my3/mod.rs:7:5:7:19 | ...::h | main.rs:50:1:69:1 | fn h |
+| my2/my3/mod.rs:8:5:8:9 | super | my2/mod.rs:1:1:12:13 | SourceFile |
+| my2/my3/mod.rs:8:5:8:12 | ...::g | my2/mod.rs:3:1:6:1 | fn g |
 | my.rs:3:5:3:10 | nested | my.rs:1:1:1:15 | mod nested |
 | my.rs:3:5:3:13 | ...::g | my/nested.rs:19:1:22:1 | fn g |
 | my.rs:11:5:11:5 | g | my/nested.rs:19:1:22:1 | fn g |

rust/ql/test/library-tests/path-resolution/path-resolution.ql

@@ -1,49 +1,8 @@
 import rust
 import codeql.rust.internal.PathResolution
-import codeql.rust.internal.TypeInference
-import utils.test.InlineExpectationsTest
+import utils.test.PathResolutionInlineExpectationsTest
 import TestUtils
 
 query predicate mod(Module m) { toBeTested(m) }
 
 query predicate resolvePath(Path p, ItemNode i) { toBeTested(p) and i = resolvePath(p) }
-
-module ResolveTest implements TestSig {
-  string getARelevantTag() { result = "item" }
-
-  private predicate itemAt(ItemNode i, string filepath, int line, boolean inMacro) {
-    i.getLocation().hasLocationInfo(filepath, _, _, line, _) and
-    if i.isInMacroExpansion() then inMacro = true else inMacro = false
-  }
-
-  private predicate commmentAt(string text, string filepath, int line) {
-    exists(Comment c |
-      c.getLocation().hasLocationInfo(filepath, line, _, _, _) and
-      c.getCommentText() = text
-    )
-  }
-
-  private predicate item(ItemNode i, string value) {
-    exists(string filepath, int line, boolean inMacro | itemAt(i, filepath, line, inMacro) |
-      commmentAt(value, filepath, line) and inMacro = false
-      or
-      not (commmentAt(_, filepath, line) and inMacro = false) and
-      value = i.getName()
-    )
-  }
-
-  predicate hasActualResult(Location location, string element, string tag, string value) {
-    exists(AstNode n |
-      not n = any(Path parent).getQualifier() and
-      location = n.getLocation() and
-      element = n.toString() and
-      tag = "item"
-    |
-      item(resolvePath(n), value)
-      or
-      item(n.(MethodCallExpr).getStaticTarget(), value)
-    )
-  }
-}
-
-import MakeTest<ResolveTest>

rust/ql/test/library-tests/type-inference/main.rs

@@ -255,8 +255,8 @@ mod type_parameter_bounds {
 
 mod function_trait_bounds {
     #[derive(Debug)]
-    struct MyThing<A> {
-        a: A,
+    struct MyThing<T> {
+        a: T,
     }
 
     #[derive(Debug)]
@@ -387,12 +387,12 @@ mod method_supertraits {
     #[derive(Debug)]
     struct S2;
 
-    trait MyTrait1<A> {
-        fn m1(self) -> A;
+    trait MyTrait1<Tr1> {
+        fn m1(self) -> Tr1;
     }
 
-    trait MyTrait2<A>: MyTrait1<A> {
-        fn m2(self) -> A
+    trait MyTrait2<Tr2>: MyTrait1<Tr2> {
+        fn m2(self) -> Tr2
         where
             Self: Sized,
         {
@@ -404,8 +404,8 @@ mod method_supertraits {
         }
     }
 
-    trait MyTrait3<A>: MyTrait2<MyThing<A>> {
-        fn m3(self) -> A
+    trait MyTrait3<Tr3>: MyTrait2<MyThing<Tr3>> {
+        fn m3(self) -> Tr3
         where
             Self: Sized,
         {

rust/ql/test/library-tests/type-inference/type-inference.expected

@@ -337,69 +337,69 @@ inferType
 | main.rs:279:9:279:9 | x | A | main.rs:278:22:278:23 | T1 |
 | main.rs:279:9:279:14 | x.m1(...) |  | main.rs:278:22:278:23 | T1 |
 | main.rs:283:15:283:18 | SelfParam |  | main.rs:257:5:260:5 | struct MyThing |
-| main.rs:283:15:283:18 | SelfParam | A | main.rs:282:10:282:10 | T |
+| main.rs:283:15:283:18 | SelfParam | T | main.rs:282:10:282:10 | T |
 | main.rs:283:26:285:9 | { ... } |  | main.rs:282:10:282:10 | T |
 | main.rs:284:13:284:16 | self |  | main.rs:257:5:260:5 | struct MyThing |
-| main.rs:284:13:284:16 | self | A | main.rs:282:10:282:10 | T |
+| main.rs:284:13:284:16 | self | T | main.rs:282:10:282:10 | T |
 | main.rs:284:13:284:18 | self.a |  | main.rs:282:10:282:10 | T |
 | main.rs:289:13:289:13 | x |  | main.rs:257:5:260:5 | struct MyThing |
-| main.rs:289:13:289:13 | x | A | main.rs:262:5:263:14 | struct S1 |
+| main.rs:289:13:289:13 | x | T | main.rs:262:5:263:14 | struct S1 |
 | main.rs:289:17:289:33 | MyThing {...} |  | main.rs:257:5:260:5 | struct MyThing |
-| main.rs:289:17:289:33 | MyThing {...} | A | main.rs:262:5:263:14 | struct S1 |
+| main.rs:289:17:289:33 | MyThing {...} | T | main.rs:262:5:263:14 | struct S1 |
 | main.rs:289:30:289:31 | S1 |  | main.rs:262:5:263:14 | struct S1 |
 | main.rs:290:13:290:13 | y |  | main.rs:257:5:260:5 | struct MyThing |
-| main.rs:290:13:290:13 | y | A | main.rs:264:5:265:14 | struct S2 |
+| main.rs:290:13:290:13 | y | T | main.rs:264:5:265:14 | struct S2 |
 | main.rs:290:17:290:33 | MyThing {...} |  | main.rs:257:5:260:5 | struct MyThing |
-| main.rs:290:17:290:33 | MyThing {...} | A | main.rs:264:5:265:14 | struct S2 |
+| main.rs:290:17:290:33 | MyThing {...} | T | main.rs:264:5:265:14 | struct S2 |
 | main.rs:290:30:290:31 | S2 |  | main.rs:264:5:265:14 | struct S2 |
 | main.rs:292:26:292:26 | x |  | main.rs:257:5:260:5 | struct MyThing |
-| main.rs:292:26:292:26 | x | A | main.rs:262:5:263:14 | struct S1 |
+| main.rs:292:26:292:26 | x | T | main.rs:262:5:263:14 | struct S1 |
 | main.rs:292:26:292:31 | x.m1(...) |  | main.rs:262:5:263:14 | struct S1 |
 | main.rs:293:26:293:26 | y |  | main.rs:257:5:260:5 | struct MyThing |
-| main.rs:293:26:293:26 | y | A | main.rs:264:5:265:14 | struct S2 |
+| main.rs:293:26:293:26 | y | T | main.rs:264:5:265:14 | struct S2 |
 | main.rs:293:26:293:31 | y.m1(...) |  | main.rs:264:5:265:14 | struct S2 |
 | main.rs:295:13:295:13 | x |  | main.rs:257:5:260:5 | struct MyThing |
 | main.rs:295:13:295:13 | x |  | main.rs:267:5:276:5 | trait MyTrait |
 | main.rs:295:13:295:13 | x | A | main.rs:262:5:263:14 | struct S1 |
-| main.rs:295:13:295:13 | x | A | main.rs:262:5:263:14 | struct S1 |
+| main.rs:295:13:295:13 | x | T | main.rs:262:5:263:14 | struct S1 |
 | main.rs:295:17:295:33 | MyThing {...} |  | main.rs:257:5:260:5 | struct MyThing |
 | main.rs:295:17:295:33 | MyThing {...} |  | main.rs:267:5:276:5 | trait MyTrait |
 | main.rs:295:17:295:33 | MyThing {...} | A | main.rs:262:5:263:14 | struct S1 |
-| main.rs:295:17:295:33 | MyThing {...} | A | main.rs:262:5:263:14 | struct S1 |
+| main.rs:295:17:295:33 | MyThing {...} | T | main.rs:262:5:263:14 | struct S1 |
 | main.rs:295:30:295:31 | S1 |  | main.rs:262:5:263:14 | struct S1 |
 | main.rs:296:13:296:13 | y |  | main.rs:257:5:260:5 | struct MyThing |
 | main.rs:296:13:296:13 | y |  | main.rs:267:5:276:5 | trait MyTrait |
 | main.rs:296:13:296:13 | y | A | main.rs:264:5:265:14 | struct S2 |
-| main.rs:296:13:296:13 | y | A | main.rs:264:5:265:14 | struct S2 |
+| main.rs:296:13:296:13 | y | T | main.rs:264:5:265:14 | struct S2 |
 | main.rs:296:17:296:33 | MyThing {...} |  | main.rs:257:5:260:5 | struct MyThing |
 | main.rs:296:17:296:33 | MyThing {...} |  | main.rs:267:5:276:5 | trait MyTrait |
 | main.rs:296:17:296:33 | MyThing {...} | A | main.rs:264:5:265:14 | struct S2 |
-| main.rs:296:17:296:33 | MyThing {...} | A | main.rs:264:5:265:14 | struct S2 |
+| main.rs:296:17:296:33 | MyThing {...} | T | main.rs:264:5:265:14 | struct S2 |
 | main.rs:296:30:296:31 | S2 |  | main.rs:264:5:265:14 | struct S2 |
 | main.rs:298:26:298:26 | x |  | main.rs:257:5:260:5 | struct MyThing |
 | main.rs:298:26:298:26 | x |  | main.rs:267:5:276:5 | trait MyTrait |
 | main.rs:298:26:298:26 | x | A | main.rs:262:5:263:14 | struct S1 |
-| main.rs:298:26:298:26 | x | A | main.rs:262:5:263:14 | struct S1 |
+| main.rs:298:26:298:26 | x | T | main.rs:262:5:263:14 | struct S1 |
 | main.rs:298:26:298:31 | x.m2(...) |  | main.rs:262:5:263:14 | struct S1 |
 | main.rs:299:26:299:26 | y |  | main.rs:257:5:260:5 | struct MyThing |
 | main.rs:299:26:299:26 | y |  | main.rs:267:5:276:5 | trait MyTrait |
 | main.rs:299:26:299:26 | y | A | main.rs:264:5:265:14 | struct S2 |
-| main.rs:299:26:299:26 | y | A | main.rs:264:5:265:14 | struct S2 |
+| main.rs:299:26:299:26 | y | T | main.rs:264:5:265:14 | struct S2 |
 | main.rs:299:26:299:31 | y.m2(...) |  | main.rs:264:5:265:14 | struct S2 |
 | main.rs:301:13:301:13 | x |  | main.rs:257:5:260:5 | struct MyThing |
-| main.rs:301:13:301:13 | x | A | main.rs:262:5:263:14 | struct S1 |
+| main.rs:301:13:301:13 | x | T | main.rs:262:5:263:14 | struct S1 |
 | main.rs:301:17:301:33 | MyThing {...} |  | main.rs:257:5:260:5 | struct MyThing |
-| main.rs:301:17:301:33 | MyThing {...} | A | main.rs:262:5:263:14 | struct S1 |
+| main.rs:301:17:301:33 | MyThing {...} | T | main.rs:262:5:263:14 | struct S1 |
 | main.rs:301:30:301:31 | S1 |  | main.rs:262:5:263:14 | struct S1 |
 | main.rs:302:13:302:13 | y |  | main.rs:257:5:260:5 | struct MyThing |
-| main.rs:302:13:302:13 | y | A | main.rs:264:5:265:14 | struct S2 |
+| main.rs:302:13:302:13 | y | T | main.rs:264:5:265:14 | struct S2 |
 | main.rs:302:17:302:33 | MyThing {...} |  | main.rs:257:5:260:5 | struct MyThing |
-| main.rs:302:17:302:33 | MyThing {...} | A | main.rs:264:5:265:14 | struct S2 |
+| main.rs:302:17:302:33 | MyThing {...} | T | main.rs:264:5:265:14 | struct S2 |
 | main.rs:302:30:302:31 | S2 |  | main.rs:264:5:265:14 | struct S2 |
 | main.rs:304:40:304:40 | x |  | main.rs:257:5:260:5 | struct MyThing |
-| main.rs:304:40:304:40 | x | A | main.rs:262:5:263:14 | struct S1 |
+| main.rs:304:40:304:40 | x | T | main.rs:262:5:263:14 | struct S1 |
 | main.rs:305:40:305:40 | y |  | main.rs:257:5:260:5 | struct MyThing |
-| main.rs:305:40:305:40 | y | A | main.rs:264:5:265:14 | struct S2 |
+| main.rs:305:40:305:40 | y | T | main.rs:264:5:265:14 | struct S2 |
 | main.rs:313:15:313:18 | SelfParam |  | main.rs:310:5:322:5 | trait MyTrait |
 | main.rs:315:15:315:18 | SelfParam |  | main.rs:310:5:322:5 | trait MyTrait |
 | main.rs:330:15:330:18 | SelfParam |  | main.rs:324:5:325:13 | struct S |
@@ -442,50 +442,50 @@ inferType
 | main.rs:370:26:370:26 | y | A | main.rs:353:5:354:14 | struct S2 |
 | main.rs:370:26:370:31 | y.m1(...) |  | main.rs:353:5:354:14 | struct S2 |
 | main.rs:391:15:391:18 | SelfParam |  | main.rs:390:5:392:5 | trait MyTrait1 |
-| main.rs:391:15:391:18 | SelfParam | A | main.rs:390:20:390:20 | A |
+| main.rs:391:15:391:18 | SelfParam | Tr1 | main.rs:390:20:390:22 | Tr1 |
 | main.rs:395:15:395:18 | SelfParam |  | main.rs:390:5:392:5 | trait MyTrait1 |
 | main.rs:395:15:395:18 | SelfParam |  | main.rs:394:5:405:5 | trait MyTrait2 |
-| main.rs:395:15:395:18 | SelfParam | A | main.rs:394:20:394:20 | A |
-| main.rs:395:15:395:18 | SelfParam | A | main.rs:394:20:394:20 | A |
-| main.rs:398:9:404:9 | { ... } |  | main.rs:394:20:394:20 | A |
-| main.rs:399:13:403:13 | if ... {...} else {...} |  | main.rs:394:20:394:20 | A |
-| main.rs:399:26:401:13 | { ... } |  | main.rs:394:20:394:20 | A |
+| main.rs:395:15:395:18 | SelfParam | Tr1 | main.rs:394:20:394:22 | Tr2 |
+| main.rs:395:15:395:18 | SelfParam | Tr2 | main.rs:394:20:394:22 | Tr2 |
+| main.rs:398:9:404:9 | { ... } |  | main.rs:394:20:394:22 | Tr2 |
+| main.rs:399:13:403:13 | if ... {...} else {...} |  | main.rs:394:20:394:22 | Tr2 |
+| main.rs:399:26:401:13 | { ... } |  | main.rs:394:20:394:22 | Tr2 |
 | main.rs:400:17:400:20 | self |  | main.rs:390:5:392:5 | trait MyTrait1 |
 | main.rs:400:17:400:20 | self |  | main.rs:394:5:405:5 | trait MyTrait2 |
-| main.rs:400:17:400:20 | self | A | main.rs:394:20:394:20 | A |
-| main.rs:400:17:400:20 | self | A | main.rs:394:20:394:20 | A |
-| main.rs:400:17:400:25 | self.m1(...) |  | main.rs:394:20:394:20 | A |
-| main.rs:401:20:403:13 | { ... } |  | main.rs:394:20:394:20 | A |
-| main.rs:402:17:402:30 | ...::m1(...) |  | main.rs:394:20:394:20 | A |
+| main.rs:400:17:400:20 | self | Tr1 | main.rs:394:20:394:22 | Tr2 |
+| main.rs:400:17:400:20 | self | Tr2 | main.rs:394:20:394:22 | Tr2 |
+| main.rs:400:17:400:25 | self.m1(...) |  | main.rs:394:20:394:22 | Tr2 |
+| main.rs:401:20:403:13 | { ... } |  | main.rs:394:20:394:22 | Tr2 |
+| main.rs:402:17:402:30 | ...::m1(...) |  | main.rs:394:20:394:22 | Tr2 |
 | main.rs:402:26:402:29 | self |  | main.rs:390:5:392:5 | trait MyTrait1 |
 | main.rs:402:26:402:29 | self |  | main.rs:394:5:405:5 | trait MyTrait2 |
-| main.rs:402:26:402:29 | self | A | main.rs:394:20:394:20 | A |
-| main.rs:402:26:402:29 | self | A | main.rs:394:20:394:20 | A |
+| main.rs:402:26:402:29 | self | Tr1 | main.rs:394:20:394:22 | Tr2 |
+| main.rs:402:26:402:29 | self | Tr2 | main.rs:394:20:394:22 | Tr2 |
 | main.rs:408:15:408:18 | SelfParam |  | main.rs:394:5:405:5 | trait MyTrait2 |
 | main.rs:408:15:408:18 | SelfParam |  | main.rs:407:5:418:5 | trait MyTrait3 |
-| main.rs:408:15:408:18 | SelfParam | A | main.rs:375:5:378:5 | struct MyThing |
-| main.rs:408:15:408:18 | SelfParam | A | main.rs:407:20:407:20 | A |
-| main.rs:408:15:408:18 | SelfParam | A.A | main.rs:407:20:407:20 | A |
-| main.rs:411:9:417:9 | { ... } |  | main.rs:407:20:407:20 | A |
-| main.rs:412:13:416:13 | if ... {...} else {...} |  | main.rs:407:20:407:20 | A |
-| main.rs:412:26:414:13 | { ... } |  | main.rs:407:20:407:20 | A |
+| main.rs:408:15:408:18 | SelfParam | Tr2 | main.rs:375:5:378:5 | struct MyThing |
+| main.rs:408:15:408:18 | SelfParam | Tr2.A | main.rs:407:20:407:22 | Tr3 |
+| main.rs:408:15:408:18 | SelfParam | Tr3 | main.rs:407:20:407:22 | Tr3 |
+| main.rs:411:9:417:9 | { ... } |  | main.rs:407:20:407:22 | Tr3 |
+| main.rs:412:13:416:13 | if ... {...} else {...} |  | main.rs:407:20:407:22 | Tr3 |
+| main.rs:412:26:414:13 | { ... } |  | main.rs:407:20:407:22 | Tr3 |
 | main.rs:413:17:413:20 | self |  | main.rs:394:5:405:5 | trait MyTrait2 |
 | main.rs:413:17:413:20 | self |  | main.rs:407:5:418:5 | trait MyTrait3 |
-| main.rs:413:17:413:20 | self | A | main.rs:375:5:378:5 | struct MyThing |
-| main.rs:413:17:413:20 | self | A | main.rs:407:20:407:20 | A |
-| main.rs:413:17:413:20 | self | A.A | main.rs:407:20:407:20 | A |
+| main.rs:413:17:413:20 | self | Tr2 | main.rs:375:5:378:5 | struct MyThing |
+| main.rs:413:17:413:20 | self | Tr2.A | main.rs:407:20:407:22 | Tr3 |
+| main.rs:413:17:413:20 | self | Tr3 | main.rs:407:20:407:22 | Tr3 |
 | main.rs:413:17:413:25 | self.m2(...) |  | main.rs:375:5:378:5 | struct MyThing |
-| main.rs:413:17:413:25 | self.m2(...) | A | main.rs:407:20:407:20 | A |
-| main.rs:413:17:413:27 | ... .a |  | main.rs:407:20:407:20 | A |
-| main.rs:414:20:416:13 | { ... } |  | main.rs:407:20:407:20 | A |
+| main.rs:413:17:413:25 | self.m2(...) | A | main.rs:407:20:407:22 | Tr3 |
+| main.rs:413:17:413:27 | ... .a |  | main.rs:407:20:407:22 | Tr3 |
+| main.rs:414:20:416:13 | { ... } |  | main.rs:407:20:407:22 | Tr3 |
 | main.rs:415:17:415:30 | ...::m2(...) |  | main.rs:375:5:378:5 | struct MyThing |
-| main.rs:415:17:415:30 | ...::m2(...) | A | main.rs:407:20:407:20 | A |
-| main.rs:415:17:415:32 | ... .a |  | main.rs:407:20:407:20 | A |
+| main.rs:415:17:415:30 | ...::m2(...) | A | main.rs:407:20:407:22 | Tr3 |
+| main.rs:415:17:415:32 | ... .a |  | main.rs:407:20:407:22 | Tr3 |
 | main.rs:415:26:415:29 | self |  | main.rs:394:5:405:5 | trait MyTrait2 |
 | main.rs:415:26:415:29 | self |  | main.rs:407:5:418:5 | trait MyTrait3 |
-| main.rs:415:26:415:29 | self | A | main.rs:375:5:378:5 | struct MyThing |
-| main.rs:415:26:415:29 | self | A | main.rs:407:20:407:20 | A |
-| main.rs:415:26:415:29 | self | A.A | main.rs:407:20:407:20 | A |
+| main.rs:415:26:415:29 | self | Tr2 | main.rs:375:5:378:5 | struct MyThing |
+| main.rs:415:26:415:29 | self | Tr2.A | main.rs:407:20:407:22 | Tr3 |
+| main.rs:415:26:415:29 | self | Tr3 | main.rs:407:20:407:22 | Tr3 |
 | main.rs:421:15:421:18 | SelfParam |  | main.rs:375:5:378:5 | struct MyThing |
 | main.rs:421:15:421:18 | SelfParam | A | main.rs:420:10:420:10 | T |
 | main.rs:421:26:423:9 | { ... } |  | main.rs:420:10:420:10 | T |
@@ -520,58 +520,58 @@ inferType
 | main.rs:445:13:445:13 | x |  | main.rs:375:5:378:5 | struct MyThing |
 | main.rs:445:13:445:13 | x |  | main.rs:394:5:405:5 | trait MyTrait2 |
 | main.rs:445:13:445:13 | x | A | main.rs:385:5:386:14 | struct S1 |
-| main.rs:445:13:445:13 | x | A | main.rs:385:5:386:14 | struct S1 |
+| main.rs:445:13:445:13 | x | Tr2 | main.rs:385:5:386:14 | struct S1 |
 | main.rs:445:17:445:33 | MyThing {...} |  | main.rs:375:5:378:5 | struct MyThing |
 | main.rs:445:17:445:33 | MyThing {...} |  | main.rs:394:5:405:5 | trait MyTrait2 |
 | main.rs:445:17:445:33 | MyThing {...} | A | main.rs:385:5:386:14 | struct S1 |
-| main.rs:445:17:445:33 | MyThing {...} | A | main.rs:385:5:386:14 | struct S1 |
+| main.rs:445:17:445:33 | MyThing {...} | Tr2 | main.rs:385:5:386:14 | struct S1 |
 | main.rs:445:30:445:31 | S1 |  | main.rs:385:5:386:14 | struct S1 |
 | main.rs:446:13:446:13 | y |  | main.rs:375:5:378:5 | struct MyThing |
 | main.rs:446:13:446:13 | y |  | main.rs:394:5:405:5 | trait MyTrait2 |
 | main.rs:446:13:446:13 | y | A | main.rs:387:5:388:14 | struct S2 |
-| main.rs:446:13:446:13 | y | A | main.rs:387:5:388:14 | struct S2 |
+| main.rs:446:13:446:13 | y | Tr2 | main.rs:387:5:388:14 | struct S2 |
 | main.rs:446:17:446:33 | MyThing {...} |  | main.rs:375:5:378:5 | struct MyThing |
 | main.rs:446:17:446:33 | MyThing {...} |  | main.rs:394:5:405:5 | trait MyTrait2 |
 | main.rs:446:17:446:33 | MyThing {...} | A | main.rs:387:5:388:14 | struct S2 |
-| main.rs:446:17:446:33 | MyThing {...} | A | main.rs:387:5:388:14 | struct S2 |
+| main.rs:446:17:446:33 | MyThing {...} | Tr2 | main.rs:387:5:388:14 | struct S2 |
 | main.rs:446:30:446:31 | S2 |  | main.rs:387:5:388:14 | struct S2 |
 | main.rs:448:26:448:26 | x |  | main.rs:375:5:378:5 | struct MyThing |
 | main.rs:448:26:448:26 | x |  | main.rs:394:5:405:5 | trait MyTrait2 |
 | main.rs:448:26:448:26 | x | A | main.rs:385:5:386:14 | struct S1 |
-| main.rs:448:26:448:26 | x | A | main.rs:385:5:386:14 | struct S1 |
+| main.rs:448:26:448:26 | x | Tr2 | main.rs:385:5:386:14 | struct S1 |
 | main.rs:448:26:448:31 | x.m2(...) |  | main.rs:385:5:386:14 | struct S1 |
 | main.rs:449:26:449:26 | y |  | main.rs:375:5:378:5 | struct MyThing |
 | main.rs:449:26:449:26 | y |  | main.rs:394:5:405:5 | trait MyTrait2 |
 | main.rs:449:26:449:26 | y | A | main.rs:387:5:388:14 | struct S2 |
-| main.rs:449:26:449:26 | y | A | main.rs:387:5:388:14 | struct S2 |
+| main.rs:449:26:449:26 | y | Tr2 | main.rs:387:5:388:14 | struct S2 |
 | main.rs:449:26:449:31 | y.m2(...) |  | main.rs:387:5:388:14 | struct S2 |
 | main.rs:451:13:451:13 | x |  | main.rs:380:5:383:5 | struct MyThing2 |
 | main.rs:451:13:451:13 | x |  | main.rs:407:5:418:5 | trait MyTrait3 |
 | main.rs:451:13:451:13 | x | A | main.rs:385:5:386:14 | struct S1 |
-| main.rs:451:13:451:13 | x | A | main.rs:385:5:386:14 | struct S1 |
+| main.rs:451:13:451:13 | x | Tr3 | main.rs:385:5:386:14 | struct S1 |
 | main.rs:451:17:451:34 | MyThing2 {...} |  | main.rs:380:5:383:5 | struct MyThing2 |
 | main.rs:451:17:451:34 | MyThing2 {...} |  | main.rs:407:5:418:5 | trait MyTrait3 |
 | main.rs:451:17:451:34 | MyThing2 {...} | A | main.rs:385:5:386:14 | struct S1 |
-| main.rs:451:17:451:34 | MyThing2 {...} | A | main.rs:385:5:386:14 | struct S1 |
+| main.rs:451:17:451:34 | MyThing2 {...} | Tr3 | main.rs:385:5:386:14 | struct S1 |
 | main.rs:451:31:451:32 | S1 |  | main.rs:385:5:386:14 | struct S1 |
 | main.rs:452:13:452:13 | y |  | main.rs:380:5:383:5 | struct MyThing2 |
 | main.rs:452:13:452:13 | y |  | main.rs:407:5:418:5 | trait MyTrait3 |
 | main.rs:452:13:452:13 | y | A | main.rs:387:5:388:14 | struct S2 |
-| main.rs:452:13:452:13 | y | A | main.rs:387:5:388:14 | struct S2 |
+| main.rs:452:13:452:13 | y | Tr3 | main.rs:387:5:388:14 | struct S2 |
 | main.rs:452:17:452:34 | MyThing2 {...} |  | main.rs:380:5:383:5 | struct MyThing2 |
 | main.rs:452:17:452:34 | MyThing2 {...} |  | main.rs:407:5:418:5 | trait MyTrait3 |
 | main.rs:452:17:452:34 | MyThing2 {...} | A | main.rs:387:5:388:14 | struct S2 |
-| main.rs:452:17:452:34 | MyThing2 {...} | A | main.rs:387:5:388:14 | struct S2 |
+| main.rs:452:17:452:34 | MyThing2 {...} | Tr3 | main.rs:387:5:388:14 | struct S2 |
 | main.rs:452:31:452:32 | S2 |  | main.rs:387:5:388:14 | struct S2 |
 | main.rs:454:26:454:26 | x |  | main.rs:380:5:383:5 | struct MyThing2 |
 | main.rs:454:26:454:26 | x |  | main.rs:407:5:418:5 | trait MyTrait3 |
 | main.rs:454:26:454:26 | x | A | main.rs:385:5:386:14 | struct S1 |
-| main.rs:454:26:454:26 | x | A | main.rs:385:5:386:14 | struct S1 |
+| main.rs:454:26:454:26 | x | Tr3 | main.rs:385:5:386:14 | struct S1 |
 | main.rs:454:26:454:31 | x.m3(...) |  | main.rs:385:5:386:14 | struct S1 |
 | main.rs:455:26:455:26 | y |  | main.rs:380:5:383:5 | struct MyThing2 |
 | main.rs:455:26:455:26 | y |  | main.rs:407:5:418:5 | trait MyTrait3 |
 | main.rs:455:26:455:26 | y | A | main.rs:387:5:388:14 | struct S2 |
-| main.rs:455:26:455:26 | y | A | main.rs:387:5:388:14 | struct S2 |
+| main.rs:455:26:455:26 | y | Tr3 | main.rs:387:5:388:14 | struct S2 |
 | main.rs:455:26:455:31 | y.m3(...) |  | main.rs:387:5:388:14 | struct S2 |
 | main.rs:473:22:473:22 | x |  | file://:0:0:0:0 | & |
 | main.rs:473:22:473:22 | x | &T | main.rs:473:11:473:19 | T |
@@ -1026,7 +1026,7 @@ resolveMethodCallExpr
 | main.rs:340:26:340:31 | x.m2(...) | main.rs:315:9:321:9 | fn m2 |
 | main.rs:369:26:369:31 | x.m1(...) | main.rs:357:9:362:9 | fn m1 |
 | main.rs:370:26:370:31 | y.m1(...) | main.rs:357:9:362:9 | fn m1 |
-| main.rs:400:17:400:25 | self.m1(...) | main.rs:391:9:391:25 | fn m1 |
+| main.rs:400:17:400:25 | self.m1(...) | main.rs:391:9:391:27 | fn m1 |
 | main.rs:413:17:413:25 | self.m2(...) | main.rs:395:9:404:9 | fn m2 |
 | main.rs:442:26:442:31 | x.m1(...) | main.rs:421:9:423:9 | fn m1 |
 | main.rs:443:26:443:31 | y.m1(...) | main.rs:421:9:423:9 | fn m1 |