Python: rebless second round after shared-CFG dataflow migration

Second batch of test reblessings, capturing changes in result content (not just toString labels): - Framework taint/concept tests (fastapi, sqlalchemy, aiohttp, lxml, stdlib, django-orm): mostly gained MISSING-tainted annotations where the new dataflow no longer reaches sinks. Some are real taint regressions; left as documented failures for follow-up. - Exception-handler tests (CWE-209-StackTraceExposure, EmptyExcept, CatchingBaseException, IncorrectExceptOrder, FileNotAlwaysClosed, FindSubclass/Find, Statements/exit/UseOfExit): the no-raise shared CFG abstraction does not emit ExceptionSuccessor abrupt-completion edges from arbitrary expressions, so except-handler bodies (and their exception target Names) are statically dead. Tracked separately under cfg-modelling-exceptions. - Dataflow-path / control-flow node toString polish across the security query suite (PathInjection, CodeInjection, UnsafeUnpacking, UnsafeUsageOfClientSideEncryptionVersion, RequestWithoutValidation, ReflectedXss, CallGraph): simple-leaf nodes now stringify as their AST text instead of 'After X'. - SSA / call-graph improvements (CmpTest, CallGraph/InlineCallGraphTest): fewer SSA mismatches between new and old; two previously-MISSING tt= annotations resolved. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-30 19:11:23 +02:00 · 2026-05-28 16:47:08 +00:00
parent cf28c32fd8
commit 1bcaa56b10
32 changed files with 1175 additions and 971 deletions
--- a/python/ql/test/2/extractor-tests/hidden/test.expected
+++ b/python/ql/test/2/extractor-tests/hidden/test.expected
@@ -1,5 +1,7 @@
+| .hidden/inner |
 | .hidden/inner/test.py |
 | .hidden/module.py |
+| folder |
 | folder/module.py |
 | package |
 | package/__init__.py |
--- a/python/ql/test/2/query-tests/Exceptions/generators/UnguardedNextInGenerator.expected
+++ b/python/ql/test/2/query-tests/Exceptions/generators/UnguardedNextInGenerator.expected
@@ -1,2 +1,5 @@
 | test.py:5:15:5:22 | ControlFlowNode for next() | Call to 'next()' in a generator. |
 | test.py:10:20:10:27 | ControlFlowNode for next() | Call to 'next()' in a generator. |
+| test.py:34:15:34:24 | ControlFlowNode for next() | Call to 'next()' in a generator. |
+| test.py:41:19:41:28 | ControlFlowNode for next() | Call to 'next()' in a generator. |
+| test.py:62:19:62:28 | ControlFlowNode for next() | Call to 'next()' in a generator. |
--- a/python/ql/test/experimental/library-tests/CallGraph-type-annotations/InlineCallGraphTest.expected
+++ b/python/ql/test/experimental/library-tests/CallGraph-type-annotations/InlineCallGraphTest.expected
@@ -1,6 +1,8 @@
 testFailures
+| type_annotations.py:6:16:6:32 | Comment # $ tt=Foo.method | Missing result: tt=Foo.method |
+| type_annotations.py:16:16:16:32 | Comment # $ tt=Foo.method | Missing result: tt=Foo.method |
+| type_annotations.py:29:5:29:14 | Attribute() | Fixed missing result: tt=Foo.method |
 debug_callableNotUnique
 pointsTo_found_typeTracker_notFound
 typeTracker_found_pointsTo_notFound
-| type_annotations.py:6:5:6:14 | ControlFlowNode for Attribute() | Foo.method |
-| type_annotations.py:16:5:16:14 | ControlFlowNode for Attribute() | Foo.method |
+| type_annotations.py:29:5:29:14 | Attribute() | Foo.method |
--- a/python/ql/test/experimental/library-tests/CallGraph/InlineCallGraphTest.expected
+++ b/python/ql/test/experimental/library-tests/CallGraph/InlineCallGraphTest.expected
@@ -1,54 +1,54 @@
 testFailures
+| code/conditional_in_argument.py:18:5:18:11 | Attribute() | Fixed missing result: tt=X.bar |
+| code/funky_regression.py:15:9:15:17 | Attribute() | Fixed missing result: tt=Wat.f2 |
 debug_callableNotUnique
 pointsTo_found_typeTracker_notFound
-| code/class_attr_assign.py:10:9:10:27 | ControlFlowNode for Attribute() | my_func |
-| code/class_attr_assign.py:11:9:11:25 | ControlFlowNode for Attribute() | my_func |
-| code/class_attr_assign.py:26:9:26:25 | ControlFlowNode for Attribute() | DummyObject.method |
-| code/class_super.py:50:1:50:6 | ControlFlowNode for Attribute() | outside_def |
-| code/conditional_in_argument.py:18:5:18:11 | ControlFlowNode for Attribute() | X.bar |
-| code/func_defined_outside_class.py:21:1:21:11 | ControlFlowNode for Attribute() | A.foo |
-| code/func_defined_outside_class.py:22:1:22:15 | ControlFlowNode for Attribute() | outside |
-| code/func_defined_outside_class.py:24:1:24:14 | ControlFlowNode for Attribute() | outside_sm |
-| code/func_defined_outside_class.py:25:1:25:14 | ControlFlowNode for Attribute() | outside_cm |
-| code/func_defined_outside_class.py:38:11:38:21 | ControlFlowNode for _gen() | B._gen |
-| code/func_defined_outside_class.py:39:11:39:21 | ControlFlowNode for _gen() | B._gen |
-| code/func_defined_outside_class.py:42:1:42:7 | ControlFlowNode for Attribute() | B._gen.func |
-| code/func_defined_outside_class.py:43:1:43:7 | ControlFlowNode for Attribute() | B._gen.func |
-| code/funky_regression.py:15:9:15:17 | ControlFlowNode for Attribute() | Wat.f2 |
-| code/type_tracking_limitation.py:8:1:8:3 | ControlFlowNode for x() | my_func |
+| code/class_attr_assign.py:10:9:10:27 | Attribute() | my_func |
+| code/class_attr_assign.py:11:9:11:25 | Attribute() | my_func |
+| code/class_attr_assign.py:26:9:26:25 | Attribute() | DummyObject.method |
+| code/class_super.py:50:1:50:6 | Attribute() | outside_def |
+| code/func_defined_outside_class.py:21:1:21:11 | Attribute() | A.foo |
+| code/func_defined_outside_class.py:22:1:22:15 | Attribute() | outside |
+| code/func_defined_outside_class.py:24:1:24:14 | Attribute() | outside_sm |
+| code/func_defined_outside_class.py:25:1:25:14 | Attribute() | outside_cm |
+| code/func_defined_outside_class.py:38:11:38:21 | _gen() | B._gen |
+| code/func_defined_outside_class.py:39:11:39:21 | _gen() | B._gen |
+| code/func_defined_outside_class.py:42:1:42:7 | Attribute() | B._gen.func |
+| code/func_defined_outside_class.py:43:1:43:7 | Attribute() | B._gen.func |
+| code/type_tracking_limitation.py:8:1:8:3 | x() | my_func |
 typeTracker_found_pointsTo_notFound
-| code/callable_as_argument.py:29:5:29:12 | ControlFlowNode for Attribute() | test_class.InsideTestFunc.sm |
-| code/class_construction.py:44:9:44:26 | ControlFlowNode for Attribute() | WithNew.some_method |
-| code/class_construction.py:61:9:61:26 | ControlFlowNode for Attribute() | WithNew.some_method |
-| code/class_construction.py:75:9:75:27 | ControlFlowNode for Attribute() | ExtraCallToInit.__init__ |
-| code/class_special_methods.py:22:9:22:16 | ControlFlowNode for self() | Base.__call__ |
-| code/class_special_methods.py:22:9:22:16 | ControlFlowNode for self() | Sub.__call__ |
-| code/class_special_methods.py:33:1:33:5 | ControlFlowNode for b() | Base.__call__ |
-| code/class_special_methods.py:59:1:59:7 | ControlFlowNode for sub() | Sub.__call__ |
-| code/class_super.py:43:9:43:21 | ControlFlowNode for Attribute() | A.bar |
-| code/class_super.py:44:9:44:27 | ControlFlowNode for Attribute() | A.bar |
-| code/class_super.py:63:1:63:18 | ControlFlowNode for Attribute() | A.foo |
-| code/class_super.py:78:9:78:28 | ControlFlowNode for Attribute() | A.foo |
-| code/class_super.py:81:1:81:12 | ControlFlowNode for Attribute() | C.foo_on_A |
-| code/class_super.py:92:9:92:21 | ControlFlowNode for Attribute() | X.foo |
-| code/class_super.py:97:9:97:21 | ControlFlowNode for Attribute() | X.foo |
-| code/class_super.py:97:9:97:21 | ControlFlowNode for Attribute() | Y.foo |
-| code/class_super.py:101:1:101:7 | ControlFlowNode for Attribute() | Z.foo |
-| code/class_super.py:108:1:108:8 | ControlFlowNode for Attribute() | Z.foo |
-| code/def_in_function.py:22:5:22:11 | ControlFlowNode for Attribute() | test.A.foo |
-| code/func_ref_in_content.py:32:1:32:4 | ControlFlowNode for f4() | func |
-| code/func_ref_in_content.py:46:1:46:4 | ControlFlowNode for f5() | func |
-| code/func_ref_in_content.py:48:1:48:15 | ControlFlowNode for Subscript() | func2 |
-| code/func_ref_in_content.py:50:1:50:19 | ControlFlowNode for Subscript() | func2 |
-| code/isinstance.py:9:13:9:22 | ControlFlowNode for Attribute() | A.foo |
-| code/isinstance.py:9:13:9:22 | ControlFlowNode for Attribute() | ASub.foo |
-| code/isinstance.py:14:13:14:22 | ControlFlowNode for Attribute() | A.foo |
-| code/isinstance.py:14:13:14:22 | ControlFlowNode for Attribute() | ASub.foo |
-| code/isinstance.py:14:13:14:22 | ControlFlowNode for Attribute() | B.foo |
-| code/isinstance.py:17:13:17:22 | ControlFlowNode for Attribute() | A.foo |
-| code/nested_class.py:83:9:83:16 | ControlFlowNode for Attribute() | X.class_def_in_func.Y.meth |
-| code/self_passing.py:16:9:16:18 | ControlFlowNode for Attribute() | A.foo |
-| code/self_passing.py:16:9:16:18 | ControlFlowNode for Attribute() | B.foo |
-| code/self_passing.py:67:9:67:16 | ControlFlowNode for Attribute() | Y.cm |
-| code/self_passing.py:69:9:69:17 | ControlFlowNode for Attribute() | X.foo |
-| code/underscore_prefix_func_name.py:14:5:14:19 | ControlFlowNode for some_function() | some_function |
+| code/callable_as_argument.py:29:5:29:12 | Attribute() | test_class.InsideTestFunc.sm |
+| code/class_construction.py:44:9:44:26 | Attribute() | WithNew.some_method |
+| code/class_construction.py:61:9:61:26 | Attribute() | WithNew.some_method |
+| code/class_construction.py:75:9:75:27 | Attribute() | ExtraCallToInit.__init__ |
+| code/class_special_methods.py:22:9:22:16 | self() | Base.__call__ |
+| code/class_special_methods.py:22:9:22:16 | self() | Sub.__call__ |
+| code/class_special_methods.py:33:1:33:5 | b() | Base.__call__ |
+| code/class_special_methods.py:59:1:59:7 | sub() | Sub.__call__ |
+| code/class_super.py:43:9:43:21 | Attribute() | A.bar |
+| code/class_super.py:44:9:44:27 | Attribute() | A.bar |
+| code/class_super.py:63:1:63:18 | Attribute() | A.foo |
+| code/class_super.py:78:9:78:28 | Attribute() | A.foo |
+| code/class_super.py:81:1:81:12 | Attribute() | C.foo_on_A |
+| code/class_super.py:92:9:92:21 | Attribute() | X.foo |
+| code/class_super.py:97:9:97:21 | Attribute() | X.foo |
+| code/class_super.py:97:9:97:21 | Attribute() | Y.foo |
+| code/class_super.py:101:1:101:7 | Attribute() | Z.foo |
+| code/class_super.py:108:1:108:8 | Attribute() | Z.foo |
+| code/def_in_function.py:22:5:22:11 | Attribute() | test.A.foo |
+| code/func_ref_in_content.py:32:1:32:4 | f4() | func |
+| code/func_ref_in_content.py:46:1:46:4 | f5() | func |
+| code/func_ref_in_content.py:48:1:48:15 | Subscript() | func2 |
+| code/func_ref_in_content.py:50:1:50:19 | Subscript() | func2 |
+| code/isinstance.py:9:13:9:22 | Attribute() | A.foo |
+| code/isinstance.py:9:13:9:22 | Attribute() | ASub.foo |
+| code/isinstance.py:14:13:14:22 | Attribute() | A.foo |
+| code/isinstance.py:14:13:14:22 | Attribute() | ASub.foo |
+| code/isinstance.py:14:13:14:22 | Attribute() | B.foo |
+| code/isinstance.py:17:13:17:22 | Attribute() | A.foo |
+| code/nested_class.py:83:9:83:16 | Attribute() | X.class_def_in_func.Y.meth |
+| code/self_passing.py:16:9:16:18 | Attribute() | A.foo |
+| code/self_passing.py:16:9:16:18 | Attribute() | B.foo |
+| code/self_passing.py:67:9:67:16 | Attribute() | Y.cm |
+| code/self_passing.py:69:9:69:17 | Attribute() | X.foo |
+| code/underscore_prefix_func_name.py:14:5:14:19 | some_function() | some_function |
--- a/python/ql/test/experimental/library-tests/FindSubclass/Find.expected
+++ b/python/ql/test/experimental/library-tests/FindSubclass/Find.expected
@@ -4,7 +4,6 @@
 | flask.MethodView~Subclass | find_subclass_test | Member[C] |
 | flask.View~Subclass | find_subclass_test | Member[A] |
 | flask.View~Subclass | find_subclass_test | Member[B] |
-| flask.View~Subclass | find_subclass_test | Member[ViewAliasInExcept] |
 | flask.View~Subclass | find_subclass_test | Member[ViewAliasInTry] |
 | flask.View~Subclass | find_subclass_test | Member[ViewAlias] |
 | flask.View~Subclass | find_subclass_test | Member[ViewAlias_no_use] |
--- a/python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/UnsafeUnpack.expected
+++ b/python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/UnsafeUnpack.expected
@@ -1,206 +1,208 @@
 #select
-| UnsafeUnpack.py:19:35:19:41 | ControlFlowNode for tarpath | UnsafeUnpack.py:5:26:5:32 | ControlFlowNode for ImportMember | UnsafeUnpack.py:19:35:19:41 | ControlFlowNode for tarpath | Unsafe extraction from a malicious tarball retrieved from a remote location. |
-| UnsafeUnpack.py:34:23:34:38 | ControlFlowNode for local_ziped_path | UnsafeUnpack.py:33:50:33:65 | ControlFlowNode for local_ziped_path | UnsafeUnpack.py:34:23:34:38 | ControlFlowNode for local_ziped_path | Unsafe extraction from a malicious tarball retrieved from a remote location. |
-| UnsafeUnpack.py:48:23:48:37 | ControlFlowNode for compressed_file | UnsafeUnpack.py:47:20:47:34 | ControlFlowNode for compressed_file | UnsafeUnpack.py:48:23:48:37 | ControlFlowNode for compressed_file | Unsafe extraction from a malicious tarball retrieved from a remote location. |
-| UnsafeUnpack.py:52:23:52:37 | ControlFlowNode for compressed_file | UnsafeUnpack.py:51:19:51:36 | ControlFlowNode for Attribute() | UnsafeUnpack.py:52:23:52:37 | ControlFlowNode for compressed_file | Unsafe extraction from a malicious tarball retrieved from a remote location. |
-| UnsafeUnpack.py:66:23:66:37 | ControlFlowNode for compressed_file | UnsafeUnpack.py:65:19:65:31 | ControlFlowNode for Attribute | UnsafeUnpack.py:66:23:66:37 | ControlFlowNode for compressed_file | Unsafe extraction from a malicious tarball retrieved from a remote location. |
-| UnsafeUnpack.py:87:23:87:29 | ControlFlowNode for tarpath | UnsafeUnpack.py:79:16:79:28 | ControlFlowNode for Attribute | UnsafeUnpack.py:87:23:87:29 | ControlFlowNode for tarpath | Unsafe extraction from a malicious tarball retrieved from a remote location. |
-| UnsafeUnpack.py:105:35:105:42 | ControlFlowNode for savepath | UnsafeUnpack.py:103:32:103:44 | ControlFlowNode for Attribute | UnsafeUnpack.py:105:35:105:42 | ControlFlowNode for savepath | Unsafe extraction from a malicious tarball retrieved from a remote location. |
-| UnsafeUnpack.py:112:35:112:43 | ControlFlowNode for file_path | UnsafeUnpack.py:108:22:108:34 | ControlFlowNode for Attribute | UnsafeUnpack.py:112:35:112:43 | ControlFlowNode for file_path | Unsafe extraction from a malicious tarball retrieved from a remote location. |
-| UnsafeUnpack.py:120:41:120:58 | ControlFlowNode for uploaded_file_path | UnsafeUnpack.py:116:27:116:39 | ControlFlowNode for Attribute | UnsafeUnpack.py:120:41:120:58 | ControlFlowNode for uploaded_file_path | Unsafe extraction from a malicious tarball retrieved from a remote location. |
-| UnsafeUnpack.py:142:49:142:51 | ControlFlowNode for tar | UnsafeUnpack.py:140:23:140:35 | ControlFlowNode for Attribute | UnsafeUnpack.py:142:49:142:51 | ControlFlowNode for tar | Unsafe extraction from a malicious tarball retrieved from a remote location. |
-| UnsafeUnpack.py:167:67:167:72 | ControlFlowNode for result | UnsafeUnpack.py:158:32:158:44 | ControlFlowNode for Attribute | UnsafeUnpack.py:167:67:167:72 | ControlFlowNode for result | Unsafe extraction from a malicious tarball retrieved from a remote location. |
-| UnsafeUnpack.py:176:1:176:34 | ControlFlowNode for Attribute() | UnsafeUnpack.py:79:16:79:28 | ControlFlowNode for Attribute | UnsafeUnpack.py:176:1:176:34 | ControlFlowNode for Attribute() | Unsafe extraction from a malicious tarball retrieved from a remote location. |
-| UnsafeUnpack.py:201:29:201:36 | ControlFlowNode for Attribute | UnsafeUnpack.py:194:53:194:55 | ControlFlowNode for tmp | UnsafeUnpack.py:201:29:201:36 | ControlFlowNode for Attribute | Unsafe extraction from a malicious tarball retrieved from a remote location. |
+| UnsafeUnpack.py:19:35:19:41 | tarpath | UnsafeUnpack.py:5:26:5:32 | After ImportMember | UnsafeUnpack.py:19:35:19:41 | tarpath | Unsafe extraction from a malicious tarball retrieved from a remote location. |
+| UnsafeUnpack.py:34:23:34:38 | local_ziped_path | UnsafeUnpack.py:33:50:33:65 | local_ziped_path | UnsafeUnpack.py:34:23:34:38 | local_ziped_path | Unsafe extraction from a malicious tarball retrieved from a remote location. |
+| UnsafeUnpack.py:48:23:48:37 | compressed_file | UnsafeUnpack.py:47:20:47:34 | compressed_file | UnsafeUnpack.py:48:23:48:37 | compressed_file | Unsafe extraction from a malicious tarball retrieved from a remote location. |
+| UnsafeUnpack.py:52:23:52:37 | compressed_file | UnsafeUnpack.py:51:19:51:36 | After Attribute() | UnsafeUnpack.py:52:23:52:37 | compressed_file | Unsafe extraction from a malicious tarball retrieved from a remote location. |
+| UnsafeUnpack.py:66:23:66:37 | compressed_file | UnsafeUnpack.py:65:19:65:31 | After Attribute | UnsafeUnpack.py:66:23:66:37 | compressed_file | Unsafe extraction from a malicious tarball retrieved from a remote location. |
+| UnsafeUnpack.py:87:23:87:29 | tarpath | UnsafeUnpack.py:79:16:79:28 | After Attribute | UnsafeUnpack.py:87:23:87:29 | tarpath | Unsafe extraction from a malicious tarball retrieved from a remote location. |
+| UnsafeUnpack.py:105:35:105:42 | savepath | UnsafeUnpack.py:103:32:103:44 | After Attribute | UnsafeUnpack.py:105:35:105:42 | savepath | Unsafe extraction from a malicious tarball retrieved from a remote location. |
+| UnsafeUnpack.py:112:35:112:43 | file_path | UnsafeUnpack.py:108:22:108:34 | After Attribute | UnsafeUnpack.py:112:35:112:43 | file_path | Unsafe extraction from a malicious tarball retrieved from a remote location. |
+| UnsafeUnpack.py:120:41:120:58 | uploaded_file_path | UnsafeUnpack.py:116:27:116:39 | After Attribute | UnsafeUnpack.py:120:41:120:58 | uploaded_file_path | Unsafe extraction from a malicious tarball retrieved from a remote location. |
+| UnsafeUnpack.py:142:49:142:51 | tar | UnsafeUnpack.py:140:23:140:35 | After Attribute | UnsafeUnpack.py:142:49:142:51 | tar | Unsafe extraction from a malicious tarball retrieved from a remote location. |
+| UnsafeUnpack.py:167:67:167:72 | result | UnsafeUnpack.py:158:32:158:44 | After Attribute | UnsafeUnpack.py:167:67:167:72 | result | Unsafe extraction from a malicious tarball retrieved from a remote location. |
+| UnsafeUnpack.py:176:1:176:34 | After Attribute() | UnsafeUnpack.py:79:16:79:28 | After Attribute | UnsafeUnpack.py:176:1:176:34 | After Attribute() | Unsafe extraction from a malicious tarball retrieved from a remote location. |
+| UnsafeUnpack.py:201:29:201:36 | After Attribute | UnsafeUnpack.py:194:53:194:55 | tmp | UnsafeUnpack.py:201:29:201:36 | After Attribute | Unsafe extraction from a malicious tarball retrieved from a remote location. |
 edges
-| UnsafeUnpack.py:5:26:5:32 | ControlFlowNode for ImportMember | UnsafeUnpack.py:5:26:5:32 | ControlFlowNode for request | provenance |  |
-| UnsafeUnpack.py:5:26:5:32 | ControlFlowNode for request | UnsafeUnpack.py:11:18:11:24 | ControlFlowNode for request | provenance |  |
-| UnsafeUnpack.py:11:7:11:14 | ControlFlowNode for filename | UnsafeUnpack.py:13:24:13:58 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep |
-| UnsafeUnpack.py:11:18:11:24 | ControlFlowNode for request | UnsafeUnpack.py:11:18:11:29 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
-| UnsafeUnpack.py:11:18:11:29 | ControlFlowNode for Attribute | UnsafeUnpack.py:11:18:11:49 | ControlFlowNode for Attribute() | provenance | Config |
-| UnsafeUnpack.py:11:18:11:29 | ControlFlowNode for Attribute | UnsafeUnpack.py:11:18:11:49 | ControlFlowNode for Attribute() | provenance | dict.get |
-| UnsafeUnpack.py:11:18:11:49 | ControlFlowNode for Attribute() | UnsafeUnpack.py:11:7:11:14 | ControlFlowNode for filename | provenance |  |
-| UnsafeUnpack.py:13:13:13:20 | ControlFlowNode for response | UnsafeUnpack.py:17:27:17:34 | ControlFlowNode for response | provenance |  |
-| UnsafeUnpack.py:13:24:13:58 | ControlFlowNode for Attribute() | UnsafeUnpack.py:13:13:13:20 | ControlFlowNode for response | provenance |  |
-| UnsafeUnpack.py:16:23:16:29 | ControlFlowNode for tarpath | UnsafeUnpack.py:19:35:19:41 | ControlFlowNode for tarpath | provenance |  |
-| UnsafeUnpack.py:17:19:17:19 | ControlFlowNode for f | UnsafeUnpack.py:16:23:16:29 | ControlFlowNode for tarpath | provenance | Config |
-| UnsafeUnpack.py:17:27:17:34 | ControlFlowNode for response | UnsafeUnpack.py:17:27:17:38 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
-| UnsafeUnpack.py:17:27:17:34 | ControlFlowNode for response | UnsafeUnpack.py:17:27:17:38 | ControlFlowNode for Attribute | provenance | Config |
-| UnsafeUnpack.py:17:27:17:38 | ControlFlowNode for Attribute | UnsafeUnpack.py:17:27:17:45 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep |
-| UnsafeUnpack.py:17:27:17:38 | ControlFlowNode for Attribute | UnsafeUnpack.py:17:27:17:45 | ControlFlowNode for Attribute() | provenance | Config |
-| UnsafeUnpack.py:17:27:17:45 | ControlFlowNode for Attribute() | UnsafeUnpack.py:17:19:17:19 | ControlFlowNode for f | provenance | Config |
-| UnsafeUnpack.py:33:50:33:65 | ControlFlowNode for local_ziped_path | UnsafeUnpack.py:34:23:34:38 | ControlFlowNode for local_ziped_path | provenance |  |
-| UnsafeUnpack.py:47:20:47:34 | ControlFlowNode for compressed_file | UnsafeUnpack.py:48:23:48:37 | ControlFlowNode for compressed_file | provenance |  |
-| UnsafeUnpack.py:51:1:51:15 | ControlFlowNode for compressed_file | UnsafeUnpack.py:52:23:52:37 | ControlFlowNode for compressed_file | provenance |  |
-| UnsafeUnpack.py:51:19:51:36 | ControlFlowNode for Attribute() | UnsafeUnpack.py:51:1:51:15 | ControlFlowNode for compressed_file | provenance |  |
-| UnsafeUnpack.py:65:1:65:15 | ControlFlowNode for compressed_file | UnsafeUnpack.py:66:23:66:37 | ControlFlowNode for compressed_file | provenance |  |
-| UnsafeUnpack.py:65:19:65:31 | ControlFlowNode for Attribute | UnsafeUnpack.py:65:1:65:15 | ControlFlowNode for compressed_file | provenance |  |
-| UnsafeUnpack.py:79:1:79:12 | ControlFlowNode for url_filename | UnsafeUnpack.py:81:12:81:50 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep |
-| UnsafeUnpack.py:79:1:79:12 | ControlFlowNode for url_filename | UnsafeUnpack.py:171:12:171:50 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep |
-| UnsafeUnpack.py:79:16:79:28 | ControlFlowNode for Attribute | UnsafeUnpack.py:79:1:79:12 | ControlFlowNode for url_filename | provenance |  |
-| UnsafeUnpack.py:81:1:81:8 | ControlFlowNode for response | UnsafeUnpack.py:85:15:85:22 | ControlFlowNode for response | provenance |  |
-| UnsafeUnpack.py:81:12:81:50 | ControlFlowNode for Attribute() | UnsafeUnpack.py:81:1:81:8 | ControlFlowNode for response | provenance |  |
-| UnsafeUnpack.py:84:11:84:17 | ControlFlowNode for tarpath | UnsafeUnpack.py:87:23:87:29 | ControlFlowNode for tarpath | provenance |  |
-| UnsafeUnpack.py:85:7:85:7 | ControlFlowNode for f | UnsafeUnpack.py:84:11:84:17 | ControlFlowNode for tarpath | provenance | Config |
-| UnsafeUnpack.py:85:15:85:22 | ControlFlowNode for response | UnsafeUnpack.py:85:15:85:26 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
-| UnsafeUnpack.py:85:15:85:22 | ControlFlowNode for response | UnsafeUnpack.py:85:15:85:26 | ControlFlowNode for Attribute | provenance | Config |
-| UnsafeUnpack.py:85:15:85:26 | ControlFlowNode for Attribute | UnsafeUnpack.py:85:15:85:33 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep |
-| UnsafeUnpack.py:85:15:85:26 | ControlFlowNode for Attribute | UnsafeUnpack.py:85:15:85:33 | ControlFlowNode for Attribute() | provenance | Config |
-| UnsafeUnpack.py:85:15:85:33 | ControlFlowNode for Attribute() | UnsafeUnpack.py:85:7:85:7 | ControlFlowNode for f | provenance | Config |
-| UnsafeUnpack.py:102:23:102:30 | ControlFlowNode for savepath | UnsafeUnpack.py:105:35:105:42 | ControlFlowNode for savepath | provenance |  |
-| UnsafeUnpack.py:103:23:103:27 | ControlFlowNode for chunk | UnsafeUnpack.py:104:37:104:41 | ControlFlowNode for chunk | provenance |  |
-| UnsafeUnpack.py:103:32:103:44 | ControlFlowNode for Attribute | UnsafeUnpack.py:103:32:103:54 | ControlFlowNode for Subscript | provenance |  |
-| UnsafeUnpack.py:103:32:103:54 | ControlFlowNode for Subscript | UnsafeUnpack.py:103:32:103:63 | ControlFlowNode for Attribute() | provenance | Config |
-| UnsafeUnpack.py:103:32:103:63 | ControlFlowNode for Attribute() | UnsafeUnpack.py:103:23:103:27 | ControlFlowNode for chunk | provenance |  |
-| UnsafeUnpack.py:104:25:104:29 | ControlFlowNode for wfile | UnsafeUnpack.py:102:23:102:30 | ControlFlowNode for savepath | provenance | Config |
-| UnsafeUnpack.py:104:37:104:41 | ControlFlowNode for chunk | UnsafeUnpack.py:104:25:104:29 | ControlFlowNode for wfile | provenance | AdditionalTaintStep |
-| UnsafeUnpack.py:104:37:104:41 | ControlFlowNode for chunk | UnsafeUnpack.py:104:25:104:29 | ControlFlowNode for wfile | provenance | Config |
-| UnsafeUnpack.py:108:13:108:18 | ControlFlowNode for myfile | UnsafeUnpack.py:111:27:111:32 | ControlFlowNode for myfile | provenance |  |
-| UnsafeUnpack.py:108:22:108:34 | ControlFlowNode for Attribute | UnsafeUnpack.py:108:22:108:48 | ControlFlowNode for Attribute() | provenance | Config |
-| UnsafeUnpack.py:108:22:108:34 | ControlFlowNode for Attribute | UnsafeUnpack.py:108:22:108:48 | ControlFlowNode for Attribute() | provenance | dict.get |
-| UnsafeUnpack.py:108:22:108:48 | ControlFlowNode for Attribute() | UnsafeUnpack.py:108:13:108:18 | ControlFlowNode for myfile | provenance |  |
-| UnsafeUnpack.py:110:18:110:26 | ControlFlowNode for file_path | UnsafeUnpack.py:112:35:112:43 | ControlFlowNode for file_path | provenance |  |
-| UnsafeUnpack.py:111:19:111:19 | ControlFlowNode for f | UnsafeUnpack.py:110:18:110:26 | ControlFlowNode for file_path | provenance | Config |
-| UnsafeUnpack.py:111:27:111:32 | ControlFlowNode for myfile | UnsafeUnpack.py:111:27:111:39 | ControlFlowNode for Attribute() | provenance | Config |
-| UnsafeUnpack.py:111:27:111:39 | ControlFlowNode for Attribute() | UnsafeUnpack.py:111:19:111:19 | ControlFlowNode for f | provenance | Config |
-| UnsafeUnpack.py:116:17:116:21 | ControlFlowNode for ufile | UnsafeUnpack.py:118:38:118:42 | ControlFlowNode for ufile | provenance |  |
-| UnsafeUnpack.py:116:27:116:39 | ControlFlowNode for Attribute | UnsafeUnpack.py:116:27:116:49 | ControlFlowNode for Attribute() | provenance | Config |
-| UnsafeUnpack.py:116:27:116:49 | ControlFlowNode for Attribute() | UnsafeUnpack.py:116:17:116:21 | ControlFlowNode for ufile | provenance |  |
-| UnsafeUnpack.py:118:19:118:26 | ControlFlowNode for filename | UnsafeUnpack.py:119:48:119:55 | ControlFlowNode for filename | provenance |  |
-| UnsafeUnpack.py:118:30:118:55 | ControlFlowNode for Attribute() | UnsafeUnpack.py:118:19:118:26 | ControlFlowNode for filename | provenance |  |
-| UnsafeUnpack.py:118:38:118:42 | ControlFlowNode for ufile | UnsafeUnpack.py:118:38:118:47 | ControlFlowNode for Attribute | provenance | Config |
-| UnsafeUnpack.py:118:38:118:47 | ControlFlowNode for Attribute | UnsafeUnpack.py:118:30:118:55 | ControlFlowNode for Attribute() | provenance | Config |
-| UnsafeUnpack.py:119:19:119:36 | ControlFlowNode for uploaded_file_path | UnsafeUnpack.py:120:41:120:58 | ControlFlowNode for uploaded_file_path | provenance |  |
-| UnsafeUnpack.py:119:40:119:56 | ControlFlowNode for Attribute() | UnsafeUnpack.py:119:19:119:36 | ControlFlowNode for uploaded_file_path | provenance |  |
-| UnsafeUnpack.py:119:48:119:55 | ControlFlowNode for filename | UnsafeUnpack.py:119:40:119:56 | ControlFlowNode for Attribute() | provenance | Config |
-| UnsafeUnpack.py:140:1:140:19 | ControlFlowNode for unsafe_filename_tar | UnsafeUnpack.py:141:22:141:40 | ControlFlowNode for unsafe_filename_tar | provenance |  |
-| UnsafeUnpack.py:140:23:140:35 | ControlFlowNode for Attribute | UnsafeUnpack.py:140:1:140:19 | ControlFlowNode for unsafe_filename_tar | provenance |  |
-| UnsafeUnpack.py:141:6:141:51 | ControlFlowNode for Attribute() | UnsafeUnpack.py:141:56:141:58 | ControlFlowNode for tar | provenance |  |
-| UnsafeUnpack.py:141:22:141:40 | ControlFlowNode for unsafe_filename_tar | UnsafeUnpack.py:141:6:141:51 | ControlFlowNode for Attribute() | provenance | Config |
-| UnsafeUnpack.py:141:56:141:58 | ControlFlowNode for tar | UnsafeUnpack.py:142:49:142:51 | ControlFlowNode for tar | provenance |  |
-| UnsafeUnpack.py:157:23:157:30 | ControlFlowNode for savepath | UnsafeUnpack.py:161:38:161:45 | ControlFlowNode for savepath | provenance |  |
-| UnsafeUnpack.py:158:23:158:27 | ControlFlowNode for chunk | UnsafeUnpack.py:159:37:159:41 | ControlFlowNode for chunk | provenance |  |
-| UnsafeUnpack.py:158:32:158:44 | ControlFlowNode for Attribute | UnsafeUnpack.py:158:32:158:54 | ControlFlowNode for Subscript | provenance |  |
-| UnsafeUnpack.py:158:32:158:54 | ControlFlowNode for Subscript | UnsafeUnpack.py:158:32:158:63 | ControlFlowNode for Attribute() | provenance | Config |
-| UnsafeUnpack.py:158:32:158:63 | ControlFlowNode for Attribute() | UnsafeUnpack.py:158:23:158:27 | ControlFlowNode for chunk | provenance |  |
-| UnsafeUnpack.py:159:25:159:29 | ControlFlowNode for wfile | UnsafeUnpack.py:157:23:157:30 | ControlFlowNode for savepath | provenance | Config |
-| UnsafeUnpack.py:159:37:159:41 | ControlFlowNode for chunk | UnsafeUnpack.py:159:25:159:29 | ControlFlowNode for wfile | provenance | AdditionalTaintStep |
-| UnsafeUnpack.py:159:37:159:41 | ControlFlowNode for chunk | UnsafeUnpack.py:159:25:159:29 | ControlFlowNode for wfile | provenance | Config |
-| UnsafeUnpack.py:161:19:161:21 | ControlFlowNode for tar | UnsafeUnpack.py:163:33:163:35 | ControlFlowNode for tar | provenance |  |
-| UnsafeUnpack.py:161:25:161:46 | ControlFlowNode for Attribute() | UnsafeUnpack.py:161:19:161:21 | ControlFlowNode for tar | provenance |  |
-| UnsafeUnpack.py:161:38:161:45 | ControlFlowNode for savepath | UnsafeUnpack.py:161:25:161:46 | ControlFlowNode for Attribute() | provenance | Config |
-| UnsafeUnpack.py:161:38:161:45 | ControlFlowNode for savepath | UnsafeUnpack.py:161:25:161:46 | ControlFlowNode for Attribute() | provenance | MaD:1 |
-| UnsafeUnpack.py:163:23:163:28 | ControlFlowNode for member | UnsafeUnpack.py:166:37:166:42 | ControlFlowNode for member | provenance |  |
-| UnsafeUnpack.py:163:33:163:35 | ControlFlowNode for tar | UnsafeUnpack.py:163:23:163:28 | ControlFlowNode for member | provenance |  |
-| UnsafeUnpack.py:166:23:166:28 | [post] ControlFlowNode for result | UnsafeUnpack.py:167:67:167:72 | ControlFlowNode for result | provenance |  |
-| UnsafeUnpack.py:166:37:166:42 | ControlFlowNode for member | UnsafeUnpack.py:166:23:166:28 | [post] ControlFlowNode for result | provenance | list.append |
-| UnsafeUnpack.py:171:1:171:8 | ControlFlowNode for response | UnsafeUnpack.py:174:15:174:22 | ControlFlowNode for response | provenance |  |
-| UnsafeUnpack.py:171:12:171:50 | ControlFlowNode for Attribute() | UnsafeUnpack.py:171:1:171:8 | ControlFlowNode for response | provenance |  |
-| UnsafeUnpack.py:173:11:173:17 | ControlFlowNode for tarpath | UnsafeUnpack.py:176:17:176:23 | ControlFlowNode for tarpath | provenance |  |
-| UnsafeUnpack.py:174:7:174:7 | ControlFlowNode for f | UnsafeUnpack.py:173:11:173:17 | ControlFlowNode for tarpath | provenance | Config |
-| UnsafeUnpack.py:174:15:174:22 | ControlFlowNode for response | UnsafeUnpack.py:174:15:174:26 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
-| UnsafeUnpack.py:174:15:174:22 | ControlFlowNode for response | UnsafeUnpack.py:174:15:174:26 | ControlFlowNode for Attribute | provenance | Config |
-| UnsafeUnpack.py:174:15:174:26 | ControlFlowNode for Attribute | UnsafeUnpack.py:174:15:174:33 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep |
-| UnsafeUnpack.py:174:15:174:26 | ControlFlowNode for Attribute | UnsafeUnpack.py:174:15:174:33 | ControlFlowNode for Attribute() | provenance | Config |
-| UnsafeUnpack.py:174:15:174:33 | ControlFlowNode for Attribute() | UnsafeUnpack.py:174:7:174:7 | ControlFlowNode for f | provenance | Config |
-| UnsafeUnpack.py:176:17:176:23 | ControlFlowNode for tarpath | UnsafeUnpack.py:176:1:176:34 | ControlFlowNode for Attribute() | provenance | Config |
-| UnsafeUnpack.py:194:53:194:55 | ControlFlowNode for tmp | UnsafeUnpack.py:201:29:201:31 | ControlFlowNode for tmp | provenance |  |
-| UnsafeUnpack.py:201:29:201:31 | ControlFlowNode for tmp | UnsafeUnpack.py:201:29:201:36 | ControlFlowNode for Attribute | provenance | Config |
+| UnsafeUnpack.py:5:26:5:32 | After ImportMember | UnsafeUnpack.py:5:26:5:32 | request | provenance |  |
+| UnsafeUnpack.py:5:26:5:32 | request | UnsafeUnpack.py:11:18:11:24 | request | provenance |  |
+| UnsafeUnpack.py:11:7:11:14 | filename | UnsafeUnpack.py:13:24:13:58 | After Attribute() | provenance | AdditionalTaintStep |
+| UnsafeUnpack.py:11:18:11:24 | request | UnsafeUnpack.py:11:18:11:29 | After Attribute | provenance | AdditionalTaintStep |
+| UnsafeUnpack.py:11:18:11:29 | After Attribute | UnsafeUnpack.py:11:18:11:49 | After Attribute() | provenance | Config |
+| UnsafeUnpack.py:11:18:11:29 | After Attribute | UnsafeUnpack.py:11:18:11:49 | After Attribute() | provenance | dict.get |
+| UnsafeUnpack.py:11:18:11:49 | After Attribute() | UnsafeUnpack.py:11:7:11:14 | filename | provenance |  |
+| UnsafeUnpack.py:13:13:13:20 | response | UnsafeUnpack.py:17:27:17:34 | response | provenance |  |
+| UnsafeUnpack.py:13:24:13:58 | After Attribute() | UnsafeUnpack.py:13:13:13:20 | response | provenance |  |
+| UnsafeUnpack.py:16:23:16:29 | tarpath | UnsafeUnpack.py:19:35:19:41 | tarpath | provenance |  |
+| UnsafeUnpack.py:17:19:17:19 | f | UnsafeUnpack.py:16:23:16:29 | tarpath | provenance | Config |
+| UnsafeUnpack.py:17:27:17:34 | response | UnsafeUnpack.py:17:27:17:38 | After Attribute | provenance | AdditionalTaintStep |
+| UnsafeUnpack.py:17:27:17:34 | response | UnsafeUnpack.py:17:27:17:38 | After Attribute | provenance | Config |
+| UnsafeUnpack.py:17:27:17:38 | After Attribute | UnsafeUnpack.py:17:27:17:45 | After Attribute() | provenance | AdditionalTaintStep |
+| UnsafeUnpack.py:17:27:17:38 | After Attribute | UnsafeUnpack.py:17:27:17:45 | After Attribute() | provenance | Config |
+| UnsafeUnpack.py:17:27:17:45 | After Attribute() | UnsafeUnpack.py:17:19:17:19 | f | provenance | Config |
+| UnsafeUnpack.py:33:50:33:65 | local_ziped_path | UnsafeUnpack.py:34:23:34:38 | local_ziped_path | provenance |  |
+| UnsafeUnpack.py:47:20:47:34 | compressed_file | UnsafeUnpack.py:48:23:48:37 | compressed_file | provenance |  |
+| UnsafeUnpack.py:51:1:51:15 | compressed_file | UnsafeUnpack.py:52:23:52:37 | compressed_file | provenance |  |
+| UnsafeUnpack.py:51:19:51:36 | After Attribute() | UnsafeUnpack.py:51:1:51:15 | compressed_file | provenance |  |
+| UnsafeUnpack.py:65:1:65:15 | compressed_file | UnsafeUnpack.py:66:23:66:37 | compressed_file | provenance |  |
+| UnsafeUnpack.py:65:19:65:31 | After Attribute | UnsafeUnpack.py:65:1:65:15 | compressed_file | provenance |  |
+| UnsafeUnpack.py:79:1:79:12 | url_filename | UnsafeUnpack.py:81:12:81:50 | After Attribute() | provenance | AdditionalTaintStep |
+| UnsafeUnpack.py:79:1:79:12 | url_filename | UnsafeUnpack.py:171:12:171:50 | After Attribute() | provenance | AdditionalTaintStep |
+| UnsafeUnpack.py:79:16:79:28 | After Attribute | UnsafeUnpack.py:79:1:79:12 | url_filename | provenance |  |
+| UnsafeUnpack.py:81:1:81:8 | response | UnsafeUnpack.py:85:15:85:22 | response | provenance |  |
+| UnsafeUnpack.py:81:12:81:50 | After Attribute() | UnsafeUnpack.py:81:1:81:8 | response | provenance |  |
+| UnsafeUnpack.py:84:11:84:17 | tarpath | UnsafeUnpack.py:87:23:87:29 | tarpath | provenance |  |
+| UnsafeUnpack.py:85:7:85:7 | f | UnsafeUnpack.py:84:11:84:17 | tarpath | provenance | Config |
+| UnsafeUnpack.py:85:15:85:22 | response | UnsafeUnpack.py:85:15:85:26 | After Attribute | provenance | AdditionalTaintStep |
+| UnsafeUnpack.py:85:15:85:22 | response | UnsafeUnpack.py:85:15:85:26 | After Attribute | provenance | Config |
+| UnsafeUnpack.py:85:15:85:26 | After Attribute | UnsafeUnpack.py:85:15:85:33 | After Attribute() | provenance | AdditionalTaintStep |
+| UnsafeUnpack.py:85:15:85:26 | After Attribute | UnsafeUnpack.py:85:15:85:33 | After Attribute() | provenance | Config |
+| UnsafeUnpack.py:85:15:85:33 | After Attribute() | UnsafeUnpack.py:85:7:85:7 | f | provenance | Config |
+| UnsafeUnpack.py:102:23:102:30 | savepath | UnsafeUnpack.py:105:35:105:42 | savepath | provenance |  |
+| UnsafeUnpack.py:103:23:103:27 | chunk | UnsafeUnpack.py:104:37:104:41 | chunk | provenance |  |
+| UnsafeUnpack.py:103:32:103:44 | After Attribute | UnsafeUnpack.py:103:32:103:54 | After Subscript | provenance |  |
+| UnsafeUnpack.py:103:32:103:54 | After Subscript | UnsafeUnpack.py:103:32:103:63 | After Attribute() [empty] | provenance | Config |
+| UnsafeUnpack.py:103:32:103:63 | After Attribute() [empty] | UnsafeUnpack.py:103:23:103:27 | chunk | provenance |  |
+| UnsafeUnpack.py:104:25:104:29 | wfile | UnsafeUnpack.py:102:23:102:30 | savepath | provenance | Config |
+| UnsafeUnpack.py:104:37:104:41 | chunk | UnsafeUnpack.py:104:25:104:29 | wfile | provenance | AdditionalTaintStep |
+| UnsafeUnpack.py:104:37:104:41 | chunk | UnsafeUnpack.py:104:25:104:29 | wfile | provenance | Config |
+| UnsafeUnpack.py:108:13:108:18 | myfile | UnsafeUnpack.py:111:27:111:32 | myfile | provenance |  |
+| UnsafeUnpack.py:108:22:108:34 | After Attribute | UnsafeUnpack.py:108:22:108:48 | After Attribute() | provenance | Config |
+| UnsafeUnpack.py:108:22:108:34 | After Attribute | UnsafeUnpack.py:108:22:108:48 | After Attribute() | provenance | dict.get |
+| UnsafeUnpack.py:108:22:108:48 | After Attribute() | UnsafeUnpack.py:108:13:108:18 | myfile | provenance |  |
+| UnsafeUnpack.py:110:18:110:26 | file_path | UnsafeUnpack.py:112:35:112:43 | file_path | provenance |  |
+| UnsafeUnpack.py:111:19:111:19 | f | UnsafeUnpack.py:110:18:110:26 | file_path | provenance | Config |
+| UnsafeUnpack.py:111:27:111:32 | myfile | UnsafeUnpack.py:111:27:111:39 | After Attribute() | provenance | Config |
+| UnsafeUnpack.py:111:27:111:39 | After Attribute() | UnsafeUnpack.py:111:19:111:19 | f | provenance | Config |
+| UnsafeUnpack.py:116:17:116:21 | ufile | UnsafeUnpack.py:118:38:118:42 | ufile | provenance |  |
+| UnsafeUnpack.py:116:27:116:39 | After Attribute | UnsafeUnpack.py:116:27:116:49 | After Attribute() [empty] | provenance | Config |
+| UnsafeUnpack.py:116:27:116:49 | After Attribute() [empty] | UnsafeUnpack.py:116:17:116:21 | ufile | provenance |  |
+| UnsafeUnpack.py:118:19:118:26 | filename | UnsafeUnpack.py:119:48:119:55 | filename | provenance |  |
+| UnsafeUnpack.py:118:30:118:55 | After Attribute() | UnsafeUnpack.py:118:19:118:26 | filename | provenance |  |
+| UnsafeUnpack.py:118:38:118:42 | ufile | UnsafeUnpack.py:118:38:118:47 | After Attribute | provenance | Config |
+| UnsafeUnpack.py:118:38:118:47 | After Attribute | UnsafeUnpack.py:118:30:118:55 | After Attribute() | provenance | Config |
+| UnsafeUnpack.py:119:19:119:36 | uploaded_file_path | UnsafeUnpack.py:120:41:120:58 | uploaded_file_path | provenance |  |
+| UnsafeUnpack.py:119:40:119:56 | After Attribute() | UnsafeUnpack.py:119:19:119:36 | uploaded_file_path | provenance |  |
+| UnsafeUnpack.py:119:48:119:55 | filename | UnsafeUnpack.py:119:40:119:56 | After Attribute() | provenance | Config |
+| UnsafeUnpack.py:140:1:140:19 | unsafe_filename_tar | UnsafeUnpack.py:141:22:141:40 | unsafe_filename_tar | provenance |  |
+| UnsafeUnpack.py:140:23:140:35 | After Attribute | UnsafeUnpack.py:140:1:140:19 | unsafe_filename_tar | provenance |  |
+| UnsafeUnpack.py:141:6:141:51 | After Attribute() | UnsafeUnpack.py:141:56:141:58 | tar | provenance |  |
+| UnsafeUnpack.py:141:22:141:40 | unsafe_filename_tar | UnsafeUnpack.py:141:6:141:51 | After Attribute() | provenance | Config |
+| UnsafeUnpack.py:141:56:141:58 | tar | UnsafeUnpack.py:142:49:142:51 | tar | provenance |  |
+| UnsafeUnpack.py:157:23:157:30 | savepath | UnsafeUnpack.py:161:38:161:45 | savepath | provenance |  |
+| UnsafeUnpack.py:158:23:158:27 | chunk | UnsafeUnpack.py:159:37:159:41 | chunk | provenance |  |
+| UnsafeUnpack.py:158:32:158:44 | After Attribute | UnsafeUnpack.py:158:32:158:54 | After Subscript | provenance |  |
+| UnsafeUnpack.py:158:32:158:54 | After Subscript | UnsafeUnpack.py:158:32:158:63 | After Attribute() [empty] | provenance | Config |
+| UnsafeUnpack.py:158:32:158:63 | After Attribute() [empty] | UnsafeUnpack.py:158:23:158:27 | chunk | provenance |  |
+| UnsafeUnpack.py:159:25:159:29 | wfile | UnsafeUnpack.py:157:23:157:30 | savepath | provenance | Config |
+| UnsafeUnpack.py:159:37:159:41 | chunk | UnsafeUnpack.py:159:25:159:29 | wfile | provenance | AdditionalTaintStep |
+| UnsafeUnpack.py:159:37:159:41 | chunk | UnsafeUnpack.py:159:25:159:29 | wfile | provenance | Config |
+| UnsafeUnpack.py:161:19:161:21 | tar | UnsafeUnpack.py:163:33:163:35 | After tar [empty] | provenance |  |
+| UnsafeUnpack.py:161:25:161:46 | After Attribute() | UnsafeUnpack.py:161:19:161:21 | tar | provenance |  |
+| UnsafeUnpack.py:161:38:161:45 | savepath | UnsafeUnpack.py:161:25:161:46 | After Attribute() | provenance | Config |
+| UnsafeUnpack.py:161:38:161:45 | savepath | UnsafeUnpack.py:161:25:161:46 | After Attribute() | provenance | MaD:1 |
+| UnsafeUnpack.py:163:23:163:28 | member | UnsafeUnpack.py:164:26:164:31 | member | provenance |  |
+| UnsafeUnpack.py:163:33:163:35 | After tar [empty] | UnsafeUnpack.py:163:23:163:28 | member | provenance |  |
+| UnsafeUnpack.py:164:26:164:31 | member | UnsafeUnpack.py:166:37:166:42 | member | provenance |  |
+| UnsafeUnpack.py:166:23:166:28 | [post] result | UnsafeUnpack.py:167:67:167:72 | result | provenance |  |
+| UnsafeUnpack.py:166:37:166:42 | member | UnsafeUnpack.py:166:23:166:28 | [post] result | provenance | list.append |
+| UnsafeUnpack.py:171:1:171:8 | response | UnsafeUnpack.py:174:15:174:22 | response | provenance |  |
+| UnsafeUnpack.py:171:12:171:50 | After Attribute() | UnsafeUnpack.py:171:1:171:8 | response | provenance |  |
+| UnsafeUnpack.py:173:11:173:17 | tarpath | UnsafeUnpack.py:176:17:176:23 | tarpath | provenance |  |
+| UnsafeUnpack.py:174:7:174:7 | f | UnsafeUnpack.py:173:11:173:17 | tarpath | provenance | Config |
+| UnsafeUnpack.py:174:15:174:22 | response | UnsafeUnpack.py:174:15:174:26 | After Attribute | provenance | AdditionalTaintStep |
+| UnsafeUnpack.py:174:15:174:22 | response | UnsafeUnpack.py:174:15:174:26 | After Attribute | provenance | Config |
+| UnsafeUnpack.py:174:15:174:26 | After Attribute | UnsafeUnpack.py:174:15:174:33 | After Attribute() | provenance | AdditionalTaintStep |
+| UnsafeUnpack.py:174:15:174:26 | After Attribute | UnsafeUnpack.py:174:15:174:33 | After Attribute() | provenance | Config |
+| UnsafeUnpack.py:174:15:174:33 | After Attribute() | UnsafeUnpack.py:174:7:174:7 | f | provenance | Config |
+| UnsafeUnpack.py:176:17:176:23 | tarpath | UnsafeUnpack.py:176:1:176:34 | After Attribute() | provenance | Config |
+| UnsafeUnpack.py:194:53:194:55 | tmp | UnsafeUnpack.py:201:29:201:31 | tmp | provenance |  |
+| UnsafeUnpack.py:201:29:201:31 | tmp | UnsafeUnpack.py:201:29:201:36 | After Attribute | provenance | Config |
 models
 | 1 | Summary: tarfile; Member[open]; Argument[0,name:,2,fileobj:]; ReturnValue; taint |
 nodes
-| UnsafeUnpack.py:5:26:5:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
-| UnsafeUnpack.py:5:26:5:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| UnsafeUnpack.py:11:7:11:14 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename |
-| UnsafeUnpack.py:11:18:11:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| UnsafeUnpack.py:11:18:11:29 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| UnsafeUnpack.py:11:18:11:49 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:13:13:13:20 | ControlFlowNode for response | semmle.label | ControlFlowNode for response |
-| UnsafeUnpack.py:13:24:13:58 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:16:23:16:29 | ControlFlowNode for tarpath | semmle.label | ControlFlowNode for tarpath |
-| UnsafeUnpack.py:17:19:17:19 | ControlFlowNode for f | semmle.label | ControlFlowNode for f |
-| UnsafeUnpack.py:17:27:17:34 | ControlFlowNode for response | semmle.label | ControlFlowNode for response |
-| UnsafeUnpack.py:17:27:17:38 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| UnsafeUnpack.py:17:27:17:45 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:19:35:19:41 | ControlFlowNode for tarpath | semmle.label | ControlFlowNode for tarpath |
-| UnsafeUnpack.py:33:50:33:65 | ControlFlowNode for local_ziped_path | semmle.label | ControlFlowNode for local_ziped_path |
-| UnsafeUnpack.py:34:23:34:38 | ControlFlowNode for local_ziped_path | semmle.label | ControlFlowNode for local_ziped_path |
-| UnsafeUnpack.py:47:20:47:34 | ControlFlowNode for compressed_file | semmle.label | ControlFlowNode for compressed_file |
-| UnsafeUnpack.py:48:23:48:37 | ControlFlowNode for compressed_file | semmle.label | ControlFlowNode for compressed_file |
-| UnsafeUnpack.py:51:1:51:15 | ControlFlowNode for compressed_file | semmle.label | ControlFlowNode for compressed_file |
-| UnsafeUnpack.py:51:19:51:36 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:52:23:52:37 | ControlFlowNode for compressed_file | semmle.label | ControlFlowNode for compressed_file |
-| UnsafeUnpack.py:65:1:65:15 | ControlFlowNode for compressed_file | semmle.label | ControlFlowNode for compressed_file |
-| UnsafeUnpack.py:65:19:65:31 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| UnsafeUnpack.py:66:23:66:37 | ControlFlowNode for compressed_file | semmle.label | ControlFlowNode for compressed_file |
-| UnsafeUnpack.py:79:1:79:12 | ControlFlowNode for url_filename | semmle.label | ControlFlowNode for url_filename |
-| UnsafeUnpack.py:79:16:79:28 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| UnsafeUnpack.py:81:1:81:8 | ControlFlowNode for response | semmle.label | ControlFlowNode for response |
-| UnsafeUnpack.py:81:12:81:50 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:84:11:84:17 | ControlFlowNode for tarpath | semmle.label | ControlFlowNode for tarpath |
-| UnsafeUnpack.py:85:7:85:7 | ControlFlowNode for f | semmle.label | ControlFlowNode for f |
-| UnsafeUnpack.py:85:15:85:22 | ControlFlowNode for response | semmle.label | ControlFlowNode for response |
-| UnsafeUnpack.py:85:15:85:26 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| UnsafeUnpack.py:85:15:85:33 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:87:23:87:29 | ControlFlowNode for tarpath | semmle.label | ControlFlowNode for tarpath |
-| UnsafeUnpack.py:102:23:102:30 | ControlFlowNode for savepath | semmle.label | ControlFlowNode for savepath |
-| UnsafeUnpack.py:103:23:103:27 | ControlFlowNode for chunk | semmle.label | ControlFlowNode for chunk |
-| UnsafeUnpack.py:103:32:103:44 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| UnsafeUnpack.py:103:32:103:54 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| UnsafeUnpack.py:103:32:103:63 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:104:25:104:29 | ControlFlowNode for wfile | semmle.label | ControlFlowNode for wfile |
-| UnsafeUnpack.py:104:37:104:41 | ControlFlowNode for chunk | semmle.label | ControlFlowNode for chunk |
-| UnsafeUnpack.py:105:35:105:42 | ControlFlowNode for savepath | semmle.label | ControlFlowNode for savepath |
-| UnsafeUnpack.py:108:13:108:18 | ControlFlowNode for myfile | semmle.label | ControlFlowNode for myfile |
-| UnsafeUnpack.py:108:22:108:34 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| UnsafeUnpack.py:108:22:108:48 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:110:18:110:26 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
-| UnsafeUnpack.py:111:19:111:19 | ControlFlowNode for f | semmle.label | ControlFlowNode for f |
-| UnsafeUnpack.py:111:27:111:32 | ControlFlowNode for myfile | semmle.label | ControlFlowNode for myfile |
-| UnsafeUnpack.py:111:27:111:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:112:35:112:43 | ControlFlowNode for file_path | semmle.label | ControlFlowNode for file_path |
-| UnsafeUnpack.py:116:17:116:21 | ControlFlowNode for ufile | semmle.label | ControlFlowNode for ufile |
-| UnsafeUnpack.py:116:27:116:39 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| UnsafeUnpack.py:116:27:116:49 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:118:19:118:26 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename |
-| UnsafeUnpack.py:118:30:118:55 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:118:38:118:42 | ControlFlowNode for ufile | semmle.label | ControlFlowNode for ufile |
-| UnsafeUnpack.py:118:38:118:47 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| UnsafeUnpack.py:119:19:119:36 | ControlFlowNode for uploaded_file_path | semmle.label | ControlFlowNode for uploaded_file_path |
-| UnsafeUnpack.py:119:40:119:56 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:119:48:119:55 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename |
-| UnsafeUnpack.py:120:41:120:58 | ControlFlowNode for uploaded_file_path | semmle.label | ControlFlowNode for uploaded_file_path |
-| UnsafeUnpack.py:140:1:140:19 | ControlFlowNode for unsafe_filename_tar | semmle.label | ControlFlowNode for unsafe_filename_tar |
-| UnsafeUnpack.py:140:23:140:35 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| UnsafeUnpack.py:141:6:141:51 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:141:22:141:40 | ControlFlowNode for unsafe_filename_tar | semmle.label | ControlFlowNode for unsafe_filename_tar |
-| UnsafeUnpack.py:141:56:141:58 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
-| UnsafeUnpack.py:142:49:142:51 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
-| UnsafeUnpack.py:157:23:157:30 | ControlFlowNode for savepath | semmle.label | ControlFlowNode for savepath |
-| UnsafeUnpack.py:158:23:158:27 | ControlFlowNode for chunk | semmle.label | ControlFlowNode for chunk |
-| UnsafeUnpack.py:158:32:158:44 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| UnsafeUnpack.py:158:32:158:54 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| UnsafeUnpack.py:158:32:158:63 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:159:25:159:29 | ControlFlowNode for wfile | semmle.label | ControlFlowNode for wfile |
-| UnsafeUnpack.py:159:37:159:41 | ControlFlowNode for chunk | semmle.label | ControlFlowNode for chunk |
-| UnsafeUnpack.py:161:19:161:21 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
-| UnsafeUnpack.py:161:25:161:46 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:161:38:161:45 | ControlFlowNode for savepath | semmle.label | ControlFlowNode for savepath |
-| UnsafeUnpack.py:163:23:163:28 | ControlFlowNode for member | semmle.label | ControlFlowNode for member |
-| UnsafeUnpack.py:163:33:163:35 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
-| UnsafeUnpack.py:166:23:166:28 | [post] ControlFlowNode for result | semmle.label | [post] ControlFlowNode for result |
-| UnsafeUnpack.py:166:37:166:42 | ControlFlowNode for member | semmle.label | ControlFlowNode for member |
-| UnsafeUnpack.py:167:67:167:72 | ControlFlowNode for result | semmle.label | ControlFlowNode for result |
-| UnsafeUnpack.py:171:1:171:8 | ControlFlowNode for response | semmle.label | ControlFlowNode for response |
-| UnsafeUnpack.py:171:12:171:50 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:173:11:173:17 | ControlFlowNode for tarpath | semmle.label | ControlFlowNode for tarpath |
-| UnsafeUnpack.py:174:7:174:7 | ControlFlowNode for f | semmle.label | ControlFlowNode for f |
-| UnsafeUnpack.py:174:15:174:22 | ControlFlowNode for response | semmle.label | ControlFlowNode for response |
-| UnsafeUnpack.py:174:15:174:26 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| UnsafeUnpack.py:174:15:174:33 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:176:1:176:34 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| UnsafeUnpack.py:176:17:176:23 | ControlFlowNode for tarpath | semmle.label | ControlFlowNode for tarpath |
-| UnsafeUnpack.py:194:53:194:55 | ControlFlowNode for tmp | semmle.label | ControlFlowNode for tmp |
-| UnsafeUnpack.py:201:29:201:31 | ControlFlowNode for tmp | semmle.label | ControlFlowNode for tmp |
-| UnsafeUnpack.py:201:29:201:36 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
+| UnsafeUnpack.py:5:26:5:32 | After ImportMember | semmle.label | After ImportMember |
+| UnsafeUnpack.py:5:26:5:32 | request | semmle.label | request |
+| UnsafeUnpack.py:11:7:11:14 | filename | semmle.label | filename |
+| UnsafeUnpack.py:11:18:11:24 | request | semmle.label | request |
+| UnsafeUnpack.py:11:18:11:29 | After Attribute | semmle.label | After Attribute |
+| UnsafeUnpack.py:11:18:11:49 | After Attribute() | semmle.label | After Attribute() |
+| UnsafeUnpack.py:13:13:13:20 | response | semmle.label | response |
+| UnsafeUnpack.py:13:24:13:58 | After Attribute() | semmle.label | After Attribute() |
+| UnsafeUnpack.py:16:23:16:29 | tarpath | semmle.label | tarpath |
+| UnsafeUnpack.py:17:19:17:19 | f | semmle.label | f |
+| UnsafeUnpack.py:17:27:17:34 | response | semmle.label | response |
+| UnsafeUnpack.py:17:27:17:38 | After Attribute | semmle.label | After Attribute |
+| UnsafeUnpack.py:17:27:17:45 | After Attribute() | semmle.label | After Attribute() |
+| UnsafeUnpack.py:19:35:19:41 | tarpath | semmle.label | tarpath |
+| UnsafeUnpack.py:33:50:33:65 | local_ziped_path | semmle.label | local_ziped_path |
+| UnsafeUnpack.py:34:23:34:38 | local_ziped_path | semmle.label | local_ziped_path |
+| UnsafeUnpack.py:47:20:47:34 | compressed_file | semmle.label | compressed_file |
+| UnsafeUnpack.py:48:23:48:37 | compressed_file | semmle.label | compressed_file |
+| UnsafeUnpack.py:51:1:51:15 | compressed_file | semmle.label | compressed_file |
+| UnsafeUnpack.py:51:19:51:36 | After Attribute() | semmle.label | After Attribute() |
+| UnsafeUnpack.py:52:23:52:37 | compressed_file | semmle.label | compressed_file |
+| UnsafeUnpack.py:65:1:65:15 | compressed_file | semmle.label | compressed_file |
+| UnsafeUnpack.py:65:19:65:31 | After Attribute | semmle.label | After Attribute |
+| UnsafeUnpack.py:66:23:66:37 | compressed_file | semmle.label | compressed_file |
+| UnsafeUnpack.py:79:1:79:12 | url_filename | semmle.label | url_filename |
+| UnsafeUnpack.py:79:16:79:28 | After Attribute | semmle.label | After Attribute |
+| UnsafeUnpack.py:81:1:81:8 | response | semmle.label | response |
+| UnsafeUnpack.py:81:12:81:50 | After Attribute() | semmle.label | After Attribute() |
+| UnsafeUnpack.py:84:11:84:17 | tarpath | semmle.label | tarpath |
+| UnsafeUnpack.py:85:7:85:7 | f | semmle.label | f |
+| UnsafeUnpack.py:85:15:85:22 | response | semmle.label | response |
+| UnsafeUnpack.py:85:15:85:26 | After Attribute | semmle.label | After Attribute |
+| UnsafeUnpack.py:85:15:85:33 | After Attribute() | semmle.label | After Attribute() |
+| UnsafeUnpack.py:87:23:87:29 | tarpath | semmle.label | tarpath |
+| UnsafeUnpack.py:102:23:102:30 | savepath | semmle.label | savepath |
+| UnsafeUnpack.py:103:23:103:27 | chunk | semmle.label | chunk |
+| UnsafeUnpack.py:103:32:103:44 | After Attribute | semmle.label | After Attribute |
+| UnsafeUnpack.py:103:32:103:54 | After Subscript | semmle.label | After Subscript |
+| UnsafeUnpack.py:103:32:103:63 | After Attribute() [empty] | semmle.label | After Attribute() [empty] |
+| UnsafeUnpack.py:104:25:104:29 | wfile | semmle.label | wfile |
+| UnsafeUnpack.py:104:37:104:41 | chunk | semmle.label | chunk |
+| UnsafeUnpack.py:105:35:105:42 | savepath | semmle.label | savepath |
+| UnsafeUnpack.py:108:13:108:18 | myfile | semmle.label | myfile |
+| UnsafeUnpack.py:108:22:108:34 | After Attribute | semmle.label | After Attribute |
+| UnsafeUnpack.py:108:22:108:48 | After Attribute() | semmle.label | After Attribute() |
+| UnsafeUnpack.py:110:18:110:26 | file_path | semmle.label | file_path |
+| UnsafeUnpack.py:111:19:111:19 | f | semmle.label | f |
+| UnsafeUnpack.py:111:27:111:32 | myfile | semmle.label | myfile |
+| UnsafeUnpack.py:111:27:111:39 | After Attribute() | semmle.label | After Attribute() |
+| UnsafeUnpack.py:112:35:112:43 | file_path | semmle.label | file_path |
+| UnsafeUnpack.py:116:17:116:21 | ufile | semmle.label | ufile |
+| UnsafeUnpack.py:116:27:116:39 | After Attribute | semmle.label | After Attribute |
+| UnsafeUnpack.py:116:27:116:49 | After Attribute() [empty] | semmle.label | After Attribute() [empty] |
+| UnsafeUnpack.py:118:19:118:26 | filename | semmle.label | filename |
+| UnsafeUnpack.py:118:30:118:55 | After Attribute() | semmle.label | After Attribute() |
+| UnsafeUnpack.py:118:38:118:42 | ufile | semmle.label | ufile |
+| UnsafeUnpack.py:118:38:118:47 | After Attribute | semmle.label | After Attribute |
+| UnsafeUnpack.py:119:19:119:36 | uploaded_file_path | semmle.label | uploaded_file_path |
+| UnsafeUnpack.py:119:40:119:56 | After Attribute() | semmle.label | After Attribute() |
+| UnsafeUnpack.py:119:48:119:55 | filename | semmle.label | filename |
+| UnsafeUnpack.py:120:41:120:58 | uploaded_file_path | semmle.label | uploaded_file_path |
+| UnsafeUnpack.py:140:1:140:19 | unsafe_filename_tar | semmle.label | unsafe_filename_tar |
+| UnsafeUnpack.py:140:23:140:35 | After Attribute | semmle.label | After Attribute |
+| UnsafeUnpack.py:141:6:141:51 | After Attribute() | semmle.label | After Attribute() |
+| UnsafeUnpack.py:141:22:141:40 | unsafe_filename_tar | semmle.label | unsafe_filename_tar |
+| UnsafeUnpack.py:141:56:141:58 | tar | semmle.label | tar |
+| UnsafeUnpack.py:142:49:142:51 | tar | semmle.label | tar |
+| UnsafeUnpack.py:157:23:157:30 | savepath | semmle.label | savepath |
+| UnsafeUnpack.py:158:23:158:27 | chunk | semmle.label | chunk |
+| UnsafeUnpack.py:158:32:158:44 | After Attribute | semmle.label | After Attribute |
+| UnsafeUnpack.py:158:32:158:54 | After Subscript | semmle.label | After Subscript |
+| UnsafeUnpack.py:158:32:158:63 | After Attribute() [empty] | semmle.label | After Attribute() [empty] |
+| UnsafeUnpack.py:159:25:159:29 | wfile | semmle.label | wfile |
+| UnsafeUnpack.py:159:37:159:41 | chunk | semmle.label | chunk |
+| UnsafeUnpack.py:161:19:161:21 | tar | semmle.label | tar |
+| UnsafeUnpack.py:161:25:161:46 | After Attribute() | semmle.label | After Attribute() |
+| UnsafeUnpack.py:161:38:161:45 | savepath | semmle.label | savepath |
+| UnsafeUnpack.py:163:23:163:28 | member | semmle.label | member |
+| UnsafeUnpack.py:163:33:163:35 | After tar [empty] | semmle.label | After tar [empty] |
+| UnsafeUnpack.py:164:26:164:31 | member | semmle.label | member |
+| UnsafeUnpack.py:166:23:166:28 | [post] result | semmle.label | [post] result |
+| UnsafeUnpack.py:166:37:166:42 | member | semmle.label | member |
+| UnsafeUnpack.py:167:67:167:72 | result | semmle.label | result |
+| UnsafeUnpack.py:171:1:171:8 | response | semmle.label | response |
+| UnsafeUnpack.py:171:12:171:50 | After Attribute() | semmle.label | After Attribute() |
+| UnsafeUnpack.py:173:11:173:17 | tarpath | semmle.label | tarpath |
+| UnsafeUnpack.py:174:7:174:7 | f | semmle.label | f |
+| UnsafeUnpack.py:174:15:174:22 | response | semmle.label | response |
+| UnsafeUnpack.py:174:15:174:26 | After Attribute | semmle.label | After Attribute |
+| UnsafeUnpack.py:174:15:174:33 | After Attribute() | semmle.label | After Attribute() |
+| UnsafeUnpack.py:176:1:176:34 | After Attribute() | semmle.label | After Attribute() |
+| UnsafeUnpack.py:176:17:176:23 | tarpath | semmle.label | tarpath |
+| UnsafeUnpack.py:194:53:194:55 | tmp | semmle.label | tmp |
+| UnsafeUnpack.py:201:29:201:31 | tmp | semmle.label | tmp |
+| UnsafeUnpack.py:201:29:201:36 | After Attribute | semmle.label | After Attribute |
 subpaths
--- a/python/ql/test/experimental/query-tests/Security/CWE-327-UnsafeUsageOfClientSideEncryptionVersion/UnsafeUsageOfClientSideEncryptionVersion.expected
+++ b/python/ql/test/experimental/query-tests/Security/CWE-327-UnsafeUsageOfClientSideEncryptionVersion/UnsafeUsageOfClientSideEncryptionVersion.expected
@@ -1,94 +1,94 @@
 edges
-| test.py:3:1:3:3 | ControlFlowNode for BSC | test.py:7:19:7:21 | ControlFlowNode for BSC | provenance |  |
-| test.py:3:1:3:3 | ControlFlowNode for BSC | test.py:35:19:35:21 | ControlFlowNode for BSC | provenance |  |
-| test.py:3:1:3:3 | ControlFlowNode for BSC | test.py:66:19:66:21 | ControlFlowNode for BSC | provenance |  |
-| test.py:3:7:3:51 | ControlFlowNode for Attribute() | test.py:3:1:3:3 | ControlFlowNode for BSC | provenance |  |
-| test.py:7:5:7:15 | ControlFlowNode for blob_client | test.py:8:5:8:15 | ControlFlowNode for blob_client | provenance |  |
-| test.py:7:19:7:21 | ControlFlowNode for BSC | test.py:7:19:7:42 | ControlFlowNode for Attribute() | provenance | Config |
-| test.py:7:19:7:42 | ControlFlowNode for Attribute() | test.py:7:5:7:15 | ControlFlowNode for blob_client | provenance |  |
-| test.py:8:5:8:15 | ControlFlowNode for blob_client | test.py:9:5:9:15 | ControlFlowNode for blob_client | provenance |  |
-| test.py:9:5:9:15 | ControlFlowNode for blob_client | test.py:9:5:9:15 | [post] ControlFlowNode for blob_client | provenance | Config |
-| test.py:9:5:9:15 | [post] ControlFlowNode for blob_client | test.py:11:9:11:19 | ControlFlowNode for blob_client | provenance |  |
-| test.py:15:5:15:23 | ControlFlowNode for blob_service_client | test.py:16:5:16:23 | ControlFlowNode for blob_service_client | provenance |  |
-| test.py:15:27:15:71 | ControlFlowNode for Attribute() | test.py:15:5:15:23 | ControlFlowNode for blob_service_client | provenance |  |
-| test.py:16:5:16:23 | ControlFlowNode for blob_service_client | test.py:17:5:17:23 | ControlFlowNode for blob_service_client | provenance |  |
-| test.py:17:5:17:23 | ControlFlowNode for blob_service_client | test.py:17:5:17:23 | [post] ControlFlowNode for blob_service_client | provenance | Config |
-| test.py:17:5:17:23 | [post] ControlFlowNode for blob_service_client | test.py:19:19:19:37 | ControlFlowNode for blob_service_client | provenance |  |
-| test.py:19:5:19:15 | ControlFlowNode for blob_client | test.py:21:9:21:19 | ControlFlowNode for blob_client | provenance |  |
-| test.py:19:19:19:37 | ControlFlowNode for blob_service_client | test.py:19:19:19:58 | ControlFlowNode for Attribute() | provenance | Config |
-| test.py:19:19:19:58 | ControlFlowNode for Attribute() | test.py:19:5:19:15 | ControlFlowNode for blob_client | provenance |  |
-| test.py:25:5:25:20 | ControlFlowNode for container_client | test.py:26:5:26:20 | ControlFlowNode for container_client | provenance |  |
-| test.py:25:24:25:66 | ControlFlowNode for Attribute() | test.py:25:5:25:20 | ControlFlowNode for container_client | provenance |  |
-| test.py:26:5:26:20 | ControlFlowNode for container_client | test.py:27:5:27:20 | ControlFlowNode for container_client | provenance |  |
-| test.py:27:5:27:20 | ControlFlowNode for container_client | test.py:27:5:27:20 | [post] ControlFlowNode for container_client | provenance | Config |
-| test.py:27:5:27:20 | [post] ControlFlowNode for container_client | test.py:29:19:29:34 | ControlFlowNode for container_client | provenance |  |
-| test.py:29:5:29:15 | ControlFlowNode for blob_client | test.py:31:9:31:19 | ControlFlowNode for blob_client | provenance |  |
-| test.py:29:19:29:34 | ControlFlowNode for container_client | test.py:29:19:29:55 | ControlFlowNode for Attribute() | provenance | Config |
-| test.py:29:19:29:55 | ControlFlowNode for Attribute() | test.py:29:5:29:15 | ControlFlowNode for blob_client | provenance |  |
-| test.py:35:5:35:15 | ControlFlowNode for blob_client | test.py:36:5:36:15 | ControlFlowNode for blob_client | provenance |  |
-| test.py:35:19:35:21 | ControlFlowNode for BSC | test.py:35:19:35:42 | ControlFlowNode for Attribute() | provenance | Config |
-| test.py:35:19:35:42 | ControlFlowNode for Attribute() | test.py:35:5:35:15 | ControlFlowNode for blob_client | provenance |  |
-| test.py:36:5:36:15 | ControlFlowNode for blob_client | test.py:37:5:37:15 | ControlFlowNode for blob_client | provenance |  |
-| test.py:37:5:37:15 | ControlFlowNode for blob_client | test.py:37:5:37:15 | [post] ControlFlowNode for blob_client | provenance | Config |
-| test.py:37:5:37:15 | [post] ControlFlowNode for blob_client | test.py:43:9:43:19 | ControlFlowNode for blob_client | provenance |  |
-| test.py:66:5:66:15 | ControlFlowNode for blob_client | test.py:67:5:67:15 | ControlFlowNode for blob_client | provenance |  |
-| test.py:66:19:66:21 | ControlFlowNode for BSC | test.py:66:19:66:42 | ControlFlowNode for Attribute() | provenance | Config |
-| test.py:66:19:66:42 | ControlFlowNode for Attribute() | test.py:66:5:66:15 | ControlFlowNode for blob_client | provenance |  |
-| test.py:67:5:67:15 | ControlFlowNode for blob_client | test.py:68:5:68:15 | ControlFlowNode for blob_client | provenance |  |
-| test.py:68:5:68:15 | ControlFlowNode for blob_client | test.py:68:5:68:15 | [post] ControlFlowNode for blob_client | provenance | Config |
-| test.py:68:5:68:15 | [post] ControlFlowNode for blob_client | test.py:69:12:69:22 | ControlFlowNode for blob_client | provenance |  |
-| test.py:69:12:69:22 | ControlFlowNode for blob_client | test.py:73:10:73:33 | ControlFlowNode for get_unsafe_blob_client() | provenance |  |
-| test.py:73:5:73:6 | ControlFlowNode for bc | test.py:75:9:75:10 | ControlFlowNode for bc | provenance |  |
-| test.py:73:10:73:33 | ControlFlowNode for get_unsafe_blob_client() | test.py:73:5:73:6 | ControlFlowNode for bc | provenance |  |
+| test.py:3:1:3:3 | BSC | test.py:7:19:7:21 | BSC | provenance |  |
+| test.py:3:1:3:3 | BSC | test.py:35:19:35:21 | BSC | provenance |  |
+| test.py:3:1:3:3 | BSC | test.py:66:19:66:21 | BSC | provenance |  |
+| test.py:3:7:3:51 | After Attribute() | test.py:3:1:3:3 | BSC | provenance |  |
+| test.py:7:5:7:15 | blob_client | test.py:8:5:8:15 | blob_client | provenance |  |
+| test.py:7:19:7:21 | BSC | test.py:7:19:7:42 | After Attribute() | provenance | Config |
+| test.py:7:19:7:42 | After Attribute() | test.py:7:5:7:15 | blob_client | provenance |  |
+| test.py:8:5:8:15 | blob_client | test.py:9:5:9:15 | blob_client | provenance |  |
+| test.py:9:5:9:15 | [post] blob_client | test.py:11:9:11:19 | blob_client | provenance |  |
+| test.py:9:5:9:15 | blob_client | test.py:9:5:9:15 | [post] blob_client | provenance | Config |
+| test.py:15:5:15:23 | blob_service_client | test.py:16:5:16:23 | blob_service_client | provenance |  |
+| test.py:15:27:15:71 | After Attribute() | test.py:15:5:15:23 | blob_service_client | provenance |  |
+| test.py:16:5:16:23 | blob_service_client | test.py:17:5:17:23 | blob_service_client | provenance |  |
+| test.py:17:5:17:23 | [post] blob_service_client | test.py:19:19:19:37 | blob_service_client | provenance |  |
+| test.py:17:5:17:23 | blob_service_client | test.py:17:5:17:23 | [post] blob_service_client | provenance | Config |
+| test.py:19:5:19:15 | blob_client | test.py:21:9:21:19 | blob_client | provenance |  |
+| test.py:19:19:19:37 | blob_service_client | test.py:19:19:19:58 | After Attribute() | provenance | Config |
+| test.py:19:19:19:58 | After Attribute() | test.py:19:5:19:15 | blob_client | provenance |  |
+| test.py:25:5:25:20 | container_client | test.py:26:5:26:20 | container_client | provenance |  |
+| test.py:25:24:25:66 | After Attribute() | test.py:25:5:25:20 | container_client | provenance |  |
+| test.py:26:5:26:20 | container_client | test.py:27:5:27:20 | container_client | provenance |  |
+| test.py:27:5:27:20 | [post] container_client | test.py:29:19:29:34 | container_client | provenance |  |
+| test.py:27:5:27:20 | container_client | test.py:27:5:27:20 | [post] container_client | provenance | Config |
+| test.py:29:5:29:15 | blob_client | test.py:31:9:31:19 | blob_client | provenance |  |
+| test.py:29:19:29:34 | container_client | test.py:29:19:29:55 | After Attribute() | provenance | Config |
+| test.py:29:19:29:55 | After Attribute() | test.py:29:5:29:15 | blob_client | provenance |  |
+| test.py:35:5:35:15 | blob_client | test.py:36:5:36:15 | blob_client | provenance |  |
+| test.py:35:19:35:21 | BSC | test.py:35:19:35:42 | After Attribute() | provenance | Config |
+| test.py:35:19:35:42 | After Attribute() | test.py:35:5:35:15 | blob_client | provenance |  |
+| test.py:36:5:36:15 | blob_client | test.py:37:5:37:15 | blob_client | provenance |  |
+| test.py:37:5:37:15 | [post] blob_client | test.py:43:9:43:19 | blob_client | provenance |  |
+| test.py:37:5:37:15 | blob_client | test.py:37:5:37:15 | [post] blob_client | provenance | Config |
+| test.py:66:5:66:15 | blob_client | test.py:67:5:67:15 | blob_client | provenance |  |
+| test.py:66:19:66:21 | BSC | test.py:66:19:66:42 | After Attribute() | provenance | Config |
+| test.py:66:19:66:42 | After Attribute() | test.py:66:5:66:15 | blob_client | provenance |  |
+| test.py:67:5:67:15 | blob_client | test.py:68:5:68:15 | blob_client | provenance |  |
+| test.py:68:5:68:15 | [post] blob_client | test.py:69:12:69:22 | blob_client | provenance |  |
+| test.py:68:5:68:15 | blob_client | test.py:68:5:68:15 | [post] blob_client | provenance | Config |
+| test.py:69:12:69:22 | blob_client | test.py:73:10:73:33 | After get_unsafe_blob_client() | provenance |  |
+| test.py:73:5:73:6 | bc | test.py:75:9:75:10 | bc | provenance |  |
+| test.py:73:10:73:33 | After get_unsafe_blob_client() | test.py:73:5:73:6 | bc | provenance |  |
 nodes
-| test.py:3:1:3:3 | ControlFlowNode for BSC | semmle.label | ControlFlowNode for BSC |
-| test.py:3:7:3:51 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| test.py:7:5:7:15 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client |
-| test.py:7:19:7:21 | ControlFlowNode for BSC | semmle.label | ControlFlowNode for BSC |
-| test.py:7:19:7:42 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| test.py:8:5:8:15 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client |
-| test.py:9:5:9:15 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client |
-| test.py:9:5:9:15 | [post] ControlFlowNode for blob_client | semmle.label | [post] ControlFlowNode for blob_client |
-| test.py:11:9:11:19 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client |
-| test.py:15:5:15:23 | ControlFlowNode for blob_service_client | semmle.label | ControlFlowNode for blob_service_client |
-| test.py:15:27:15:71 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| test.py:16:5:16:23 | ControlFlowNode for blob_service_client | semmle.label | ControlFlowNode for blob_service_client |
-| test.py:17:5:17:23 | ControlFlowNode for blob_service_client | semmle.label | ControlFlowNode for blob_service_client |
-| test.py:17:5:17:23 | [post] ControlFlowNode for blob_service_client | semmle.label | [post] ControlFlowNode for blob_service_client |
-| test.py:19:5:19:15 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client |
-| test.py:19:19:19:37 | ControlFlowNode for blob_service_client | semmle.label | ControlFlowNode for blob_service_client |
-| test.py:19:19:19:58 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| test.py:21:9:21:19 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client |
-| test.py:25:5:25:20 | ControlFlowNode for container_client | semmle.label | ControlFlowNode for container_client |
-| test.py:25:24:25:66 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| test.py:26:5:26:20 | ControlFlowNode for container_client | semmle.label | ControlFlowNode for container_client |
-| test.py:27:5:27:20 | ControlFlowNode for container_client | semmle.label | ControlFlowNode for container_client |
-| test.py:27:5:27:20 | [post] ControlFlowNode for container_client | semmle.label | [post] ControlFlowNode for container_client |
-| test.py:29:5:29:15 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client |
-| test.py:29:19:29:34 | ControlFlowNode for container_client | semmle.label | ControlFlowNode for container_client |
-| test.py:29:19:29:55 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| test.py:31:9:31:19 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client |
-| test.py:35:5:35:15 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client |
-| test.py:35:19:35:21 | ControlFlowNode for BSC | semmle.label | ControlFlowNode for BSC |
-| test.py:35:19:35:42 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| test.py:36:5:36:15 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client |
-| test.py:37:5:37:15 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client |
-| test.py:37:5:37:15 | [post] ControlFlowNode for blob_client | semmle.label | [post] ControlFlowNode for blob_client |
-| test.py:43:9:43:19 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client |
-| test.py:66:5:66:15 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client |
-| test.py:66:19:66:21 | ControlFlowNode for BSC | semmle.label | ControlFlowNode for BSC |
-| test.py:66:19:66:42 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| test.py:67:5:67:15 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client |
-| test.py:68:5:68:15 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client |
-| test.py:68:5:68:15 | [post] ControlFlowNode for blob_client | semmle.label | [post] ControlFlowNode for blob_client |
-| test.py:69:12:69:22 | ControlFlowNode for blob_client | semmle.label | ControlFlowNode for blob_client |
-| test.py:73:5:73:6 | ControlFlowNode for bc | semmle.label | ControlFlowNode for bc |
-| test.py:73:10:73:33 | ControlFlowNode for get_unsafe_blob_client() | semmle.label | ControlFlowNode for get_unsafe_blob_client() |
-| test.py:75:9:75:10 | ControlFlowNode for bc | semmle.label | ControlFlowNode for bc |
+| test.py:3:1:3:3 | BSC | semmle.label | BSC |
+| test.py:3:7:3:51 | After Attribute() | semmle.label | After Attribute() |
+| test.py:7:5:7:15 | blob_client | semmle.label | blob_client |
+| test.py:7:19:7:21 | BSC | semmle.label | BSC |
+| test.py:7:19:7:42 | After Attribute() | semmle.label | After Attribute() |
+| test.py:8:5:8:15 | blob_client | semmle.label | blob_client |
+| test.py:9:5:9:15 | [post] blob_client | semmle.label | [post] blob_client |
+| test.py:9:5:9:15 | blob_client | semmle.label | blob_client |
+| test.py:11:9:11:19 | blob_client | semmle.label | blob_client |
+| test.py:15:5:15:23 | blob_service_client | semmle.label | blob_service_client |
+| test.py:15:27:15:71 | After Attribute() | semmle.label | After Attribute() |
+| test.py:16:5:16:23 | blob_service_client | semmle.label | blob_service_client |
+| test.py:17:5:17:23 | [post] blob_service_client | semmle.label | [post] blob_service_client |
+| test.py:17:5:17:23 | blob_service_client | semmle.label | blob_service_client |
+| test.py:19:5:19:15 | blob_client | semmle.label | blob_client |
+| test.py:19:19:19:37 | blob_service_client | semmle.label | blob_service_client |
+| test.py:19:19:19:58 | After Attribute() | semmle.label | After Attribute() |
+| test.py:21:9:21:19 | blob_client | semmle.label | blob_client |
+| test.py:25:5:25:20 | container_client | semmle.label | container_client |
+| test.py:25:24:25:66 | After Attribute() | semmle.label | After Attribute() |
+| test.py:26:5:26:20 | container_client | semmle.label | container_client |
+| test.py:27:5:27:20 | [post] container_client | semmle.label | [post] container_client |
+| test.py:27:5:27:20 | container_client | semmle.label | container_client |
+| test.py:29:5:29:15 | blob_client | semmle.label | blob_client |
+| test.py:29:19:29:34 | container_client | semmle.label | container_client |
+| test.py:29:19:29:55 | After Attribute() | semmle.label | After Attribute() |
+| test.py:31:9:31:19 | blob_client | semmle.label | blob_client |
+| test.py:35:5:35:15 | blob_client | semmle.label | blob_client |
+| test.py:35:19:35:21 | BSC | semmle.label | BSC |
+| test.py:35:19:35:42 | After Attribute() | semmle.label | After Attribute() |
+| test.py:36:5:36:15 | blob_client | semmle.label | blob_client |
+| test.py:37:5:37:15 | [post] blob_client | semmle.label | [post] blob_client |
+| test.py:37:5:37:15 | blob_client | semmle.label | blob_client |
+| test.py:43:9:43:19 | blob_client | semmle.label | blob_client |
+| test.py:66:5:66:15 | blob_client | semmle.label | blob_client |
+| test.py:66:19:66:21 | BSC | semmle.label | BSC |
+| test.py:66:19:66:42 | After Attribute() | semmle.label | After Attribute() |
+| test.py:67:5:67:15 | blob_client | semmle.label | blob_client |
+| test.py:68:5:68:15 | [post] blob_client | semmle.label | [post] blob_client |
+| test.py:68:5:68:15 | blob_client | semmle.label | blob_client |
+| test.py:69:12:69:22 | blob_client | semmle.label | blob_client |
+| test.py:73:5:73:6 | bc | semmle.label | bc |
+| test.py:73:10:73:33 | After get_unsafe_blob_client() | semmle.label | After get_unsafe_blob_client() |
+| test.py:75:9:75:10 | bc | semmle.label | bc |
 subpaths
 #select
-| test.py:11:9:11:19 | ControlFlowNode for blob_client | test.py:3:7:3:51 | ControlFlowNode for Attribute() | test.py:11:9:11:19 | ControlFlowNode for blob_client | Unsafe usage of v1 version of Azure Storage client-side encryption |
-| test.py:21:9:21:19 | ControlFlowNode for blob_client | test.py:15:27:15:71 | ControlFlowNode for Attribute() | test.py:21:9:21:19 | ControlFlowNode for blob_client | Unsafe usage of v1 version of Azure Storage client-side encryption |
-| test.py:31:9:31:19 | ControlFlowNode for blob_client | test.py:25:24:25:66 | ControlFlowNode for Attribute() | test.py:31:9:31:19 | ControlFlowNode for blob_client | Unsafe usage of v1 version of Azure Storage client-side encryption |
-| test.py:43:9:43:19 | ControlFlowNode for blob_client | test.py:3:7:3:51 | ControlFlowNode for Attribute() | test.py:43:9:43:19 | ControlFlowNode for blob_client | Unsafe usage of v1 version of Azure Storage client-side encryption |
-| test.py:75:9:75:10 | ControlFlowNode for bc | test.py:3:7:3:51 | ControlFlowNode for Attribute() | test.py:75:9:75:10 | ControlFlowNode for bc | Unsafe usage of v1 version of Azure Storage client-side encryption |
+| test.py:11:9:11:19 | blob_client | test.py:3:7:3:51 | After Attribute() | test.py:11:9:11:19 | blob_client | Unsafe usage of v1 version of Azure Storage client-side encryption |
+| test.py:21:9:21:19 | blob_client | test.py:15:27:15:71 | After Attribute() | test.py:21:9:21:19 | blob_client | Unsafe usage of v1 version of Azure Storage client-side encryption |
+| test.py:31:9:31:19 | blob_client | test.py:25:24:25:66 | After Attribute() | test.py:31:9:31:19 | blob_client | Unsafe usage of v1 version of Azure Storage client-side encryption |
+| test.py:43:9:43:19 | blob_client | test.py:3:7:3:51 | After Attribute() | test.py:43:9:43:19 | blob_client | Unsafe usage of v1 version of Azure Storage client-side encryption |
+| test.py:75:9:75:10 | bc | test.py:3:7:3:51 | After Attribute() | test.py:75:9:75:10 | bc | Unsafe usage of v1 version of Azure Storage client-side encryption |
--- a/python/ql/test/extractor-tests/long_path/LongPath.expected
+++ b/python/ql/test/extractor-tests/long_path/LongPath.expected
@@ -1 +1 @@
-| really_rather_too_long_for_windows_path_length/with_unecessarily_longwinded_and_verbose_sub_folder/extremely_long_module_name_with_lots_of_digits_at_the_end_000000000000000000000000000000000000000000000000000000000000000000/test0000000000000000000000000000000000000000000000000000000.py |
+| This test is failing because an autogenerated file is missing. Read the comment in the .ql file for more info. |
--- a/python/ql/test/library-tests/dataflow-new-ssa-vs-legacy/CmpTest.expected
+++ b/python/ql/test/library-tests/dataflow-new-ssa-vs-legacy/CmpTest.expected
@@ -1,21 +1,6 @@
-| def-only-new | compute:37:1 |
-| def-only-new | open:44:1 |
-| def-only-new | sum:27:1 |
 | def-only-old | $:0:0 |
-| def-only-old | GLOBAL:49:1 |
 | def-only-old | __name__:0:0 |
 | def-only-old | __package__:0:0 |
-| def-only-old | closure:31:5 |
 | def-only-old | e:37:1 |
 | def-only-old | e:40:25 |
-| def-only-old | exception_binding:37:5 |
-| def-only-old | if_else_branch:12:5 |
-| def-only-old | kwargs:27:32 |
-| def-only-old | loop:20:5 |
-| def-only-old | parameter:27:5 |
-| def-only-old | read_global:52:5 |
-| def-only-old | reassignment:6:5 |
-| def-only-old | simple_assign:1:5 |
-| def-only-old | with_binding:44:5 |
 | def-only-old | x:20:1 |
-| def-only-old | x:31:13 |
--- a/python/ql/test/library-tests/dataflow-new-ssa/SsaTest.expected
+++ b/python/ql/test/library-tests/dataflow-new-ssa/SsaTest.expected
@@ -0,0 +1,6 @@
+| test.py:14:5:14:15 | basic_param | Unexpected result: def=basic_param |
+| test.py:18:5:18:16 | basic_assign | Unexpected result: def=basic_assign |
+| test.py:23:5:23:16 | reassignment | Unexpected result: def=reassignment |
+| test.py:29:5:29:15 | if_else_phi | Unexpected result: def=if_else_phi |
+| test.py:37:5:37:14 | use_global | Unexpected result: def=use_global |
+| test.py:38:28:38:49 | Comment # $ use=some_undefined | Missing result: use=some_undefined |
--- a/python/ql/test/library-tests/frameworks/aiohttp/InlineTaintTest.expected
+++ b/python/ql/test/library-tests/frameworks/aiohttp/InlineTaintTest.expected
@@ -1,3 +1,10 @@
 argumentToEnsureNotTaintedNotMarkedAsSpurious
 untaintedArgumentToEnsureTaintedNotMarkedAsMissing
+| taint_test.py:151:9:151:15 | taint_test.py:151 | ERROR, you should add `# $ MISSING: tainted` annotation | request |
+| taint_test.py:152:9:152:19 | taint_test.py:152 | ERROR, you should add `# $ MISSING: tainted` annotation | request.url |
+| taint_test.py:153:9:153:36 | taint_test.py:153 | ERROR, you should add `# $ MISSING: tainted` annotation | Await |
 testFailures
+| taint_test.py:151:18:151:28 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:152:22:152:32 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:153:39:153:49 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:168:76:168:96 | Comment # $ SPURIOUS: tainted | Fixed spurious result: tainted |
--- a/python/ql/test/library-tests/frameworks/django-orm/NormalDataflowTest.expected
+++ b/python/ql/test/library-tests/frameworks/django-orm/NormalDataflowTest.expected
@@ -1,2 +1,3 @@
 missingAnnotationOnSink
 testFailures
+| testapp/orm_tests.py:316:14:316:21 | After Attribute | Unexpected result: flow="SOURCE, l:-16 -> obj.text" |
--- a/python/ql/test/library-tests/frameworks/django-orm/ReflectedXss.expected
+++ b/python/ql/test/library-tests/frameworks/django-orm/ReflectedXss.expected
@@ -1,107 +1,107 @@
 edges
-| testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute age] | testapp/orm_security_tests.py:42:23:42:42 | ControlFlowNode for Attribute() [List element, Attribute age] | provenance |  |
-| testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute age] | testapp/orm_security_tests.py:51:14:51:53 | ControlFlowNode for Attribute() [Attribute age] | provenance |  |
-| testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute name] | testapp/orm_security_tests.py:42:23:42:42 | ControlFlowNode for Attribute() [List element, Attribute name] | provenance |  |
-| testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute name] | testapp/orm_security_tests.py:47:14:47:53 | ControlFlowNode for Attribute() [Attribute name] | provenance |  |
-| testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | testapp/orm_security_tests.py:22:23:22:42 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep |
-| testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | testapp/orm_security_tests.py:23:22:23:40 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep |
-| testapp/orm_security_tests.py:22:9:22:14 | [post] ControlFlowNode for person [Attribute name] | testapp/orm_security_tests.py:23:9:23:14 | ControlFlowNode for person [Attribute name] | provenance |  |
-| testapp/orm_security_tests.py:22:23:22:42 | ControlFlowNode for Subscript | testapp/orm_security_tests.py:22:9:22:14 | [post] ControlFlowNode for person [Attribute name] | provenance |  |
-| testapp/orm_security_tests.py:23:9:23:14 | ControlFlowNode for person [Attribute name] | testapp/orm_security_tests.py:28:9:28:14 | ControlFlowNode for person [Attribute name] | provenance |  |
-| testapp/orm_security_tests.py:23:9:23:14 | [post] ControlFlowNode for person [Attribute age] | testapp/orm_security_tests.py:28:9:28:14 | ControlFlowNode for person [Attribute age] | provenance |  |
-| testapp/orm_security_tests.py:23:22:23:40 | ControlFlowNode for Subscript | testapp/orm_security_tests.py:23:9:23:14 | [post] ControlFlowNode for person [Attribute age] | provenance |  |
-| testapp/orm_security_tests.py:28:9:28:14 | ControlFlowNode for person [Attribute age] | testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute age] | provenance |  |
-| testapp/orm_security_tests.py:28:9:28:14 | ControlFlowNode for person [Attribute name] | testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute name] | provenance |  |
-| testapp/orm_security_tests.py:42:13:42:18 | ControlFlowNode for person [Attribute age] | testapp/orm_security_tests.py:43:62:43:67 | ControlFlowNode for person [Attribute age] | provenance |  |
-| testapp/orm_security_tests.py:42:13:42:18 | ControlFlowNode for person [Attribute name] | testapp/orm_security_tests.py:43:49:43:54 | ControlFlowNode for person [Attribute name] | provenance |  |
-| testapp/orm_security_tests.py:42:23:42:42 | ControlFlowNode for Attribute() [List element, Attribute age] | testapp/orm_security_tests.py:42:13:42:18 | ControlFlowNode for person [Attribute age] | provenance |  |
-| testapp/orm_security_tests.py:42:23:42:42 | ControlFlowNode for Attribute() [List element, Attribute name] | testapp/orm_security_tests.py:42:13:42:18 | ControlFlowNode for person [Attribute name] | provenance |  |
-| testapp/orm_security_tests.py:43:13:43:21 | ControlFlowNode for resp_text | testapp/orm_security_tests.py:44:29:44:37 | ControlFlowNode for resp_text | provenance |  |
-| testapp/orm_security_tests.py:43:49:43:54 | ControlFlowNode for person [Attribute name] | testapp/orm_security_tests.py:43:49:43:59 | ControlFlowNode for Attribute | provenance |  |
-| testapp/orm_security_tests.py:43:49:43:59 | ControlFlowNode for Attribute | testapp/orm_security_tests.py:43:13:43:21 | ControlFlowNode for resp_text | provenance |  |
-| testapp/orm_security_tests.py:43:62:43:67 | ControlFlowNode for person [Attribute age] | testapp/orm_security_tests.py:43:62:43:71 | ControlFlowNode for Attribute | provenance |  |
-| testapp/orm_security_tests.py:43:62:43:71 | ControlFlowNode for Attribute | testapp/orm_security_tests.py:43:13:43:21 | ControlFlowNode for resp_text | provenance |  |
-| testapp/orm_security_tests.py:47:5:47:10 | ControlFlowNode for person [Attribute name] | testapp/orm_security_tests.py:48:46:48:51 | ControlFlowNode for person [Attribute name] | provenance |  |
-| testapp/orm_security_tests.py:47:14:47:53 | ControlFlowNode for Attribute() [Attribute name] | testapp/orm_security_tests.py:47:5:47:10 | ControlFlowNode for person [Attribute name] | provenance |  |
-| testapp/orm_security_tests.py:48:46:48:51 | ControlFlowNode for person [Attribute name] | testapp/orm_security_tests.py:48:46:48:56 | ControlFlowNode for Attribute | provenance |  |
-| testapp/orm_security_tests.py:48:46:48:56 | ControlFlowNode for Attribute | testapp/orm_security_tests.py:48:25:48:57 | ControlFlowNode for Attribute() | provenance |  |
-| testapp/orm_security_tests.py:51:5:51:10 | ControlFlowNode for person [Attribute age] | testapp/orm_security_tests.py:55:45:55:50 | ControlFlowNode for person [Attribute age] | provenance |  |
-| testapp/orm_security_tests.py:51:14:51:53 | ControlFlowNode for Attribute() [Attribute age] | testapp/orm_security_tests.py:51:5:51:10 | ControlFlowNode for person [Attribute age] | provenance |  |
-| testapp/orm_security_tests.py:55:45:55:50 | ControlFlowNode for person [Attribute age] | testapp/orm_security_tests.py:55:45:55:54 | ControlFlowNode for Attribute | provenance |  |
-| testapp/orm_security_tests.py:55:45:55:54 | ControlFlowNode for Attribute | testapp/orm_security_tests.py:55:25:55:55 | ControlFlowNode for Attribute() | provenance |  |
-| testapp/orm_security_tests.py:92:1:92:44 | [orm-model] Class CommentValidatorNotUsed [Attribute text] | testapp/orm_security_tests.py:101:15:101:52 | ControlFlowNode for Attribute() [Attribute text] | provenance |  |
-| testapp/orm_security_tests.py:95:37:95:43 | ControlFlowNode for request | testapp/orm_security_tests.py:96:44:96:63 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep |
-| testapp/orm_security_tests.py:96:5:96:11 | ControlFlowNode for comment [Attribute text] | testapp/orm_security_tests.py:97:5:97:11 | ControlFlowNode for comment [Attribute text] | provenance |  |
-| testapp/orm_security_tests.py:96:15:96:64 | ControlFlowNode for CommentValidatorNotUsed() [Attribute text] | testapp/orm_security_tests.py:96:5:96:11 | ControlFlowNode for comment [Attribute text] | provenance |  |
-| testapp/orm_security_tests.py:96:44:96:63 | ControlFlowNode for Subscript | testapp/orm_security_tests.py:96:15:96:64 | ControlFlowNode for CommentValidatorNotUsed() [Attribute text] | provenance |  |
-| testapp/orm_security_tests.py:97:5:97:11 | ControlFlowNode for comment [Attribute text] | testapp/orm_security_tests.py:92:1:92:44 | [orm-model] Class CommentValidatorNotUsed [Attribute text] | provenance |  |
-| testapp/orm_security_tests.py:101:5:101:11 | ControlFlowNode for comment [Attribute text] | testapp/orm_security_tests.py:102:25:102:31 | ControlFlowNode for comment [Attribute text] | provenance |  |
-| testapp/orm_security_tests.py:101:15:101:52 | ControlFlowNode for Attribute() [Attribute text] | testapp/orm_security_tests.py:101:5:101:11 | ControlFlowNode for comment [Attribute text] | provenance |  |
-| testapp/orm_security_tests.py:102:25:102:31 | ControlFlowNode for comment [Attribute text] | testapp/orm_security_tests.py:102:25:102:36 | ControlFlowNode for Attribute | provenance |  |
-| testapp/orm_security_tests.py:111:1:111:41 | [orm-model] Class CommentValidatorUsed [Attribute text] | testapp/orm_security_tests.py:120:15:120:49 | ControlFlowNode for Attribute() [Attribute text] | provenance |  |
-| testapp/orm_security_tests.py:114:33:114:39 | ControlFlowNode for request | testapp/orm_security_tests.py:115:41:115:60 | ControlFlowNode for Subscript | provenance | AdditionalTaintStep |
-| testapp/orm_security_tests.py:115:5:115:11 | ControlFlowNode for comment [Attribute text] | testapp/orm_security_tests.py:117:5:117:11 | ControlFlowNode for comment [Attribute text] | provenance |  |
-| testapp/orm_security_tests.py:115:15:115:61 | ControlFlowNode for CommentValidatorUsed() [Attribute text] | testapp/orm_security_tests.py:115:5:115:11 | ControlFlowNode for comment [Attribute text] | provenance |  |
-| testapp/orm_security_tests.py:115:41:115:60 | ControlFlowNode for Subscript | testapp/orm_security_tests.py:115:15:115:61 | ControlFlowNode for CommentValidatorUsed() [Attribute text] | provenance |  |
-| testapp/orm_security_tests.py:117:5:117:11 | ControlFlowNode for comment [Attribute text] | testapp/orm_security_tests.py:111:1:111:41 | [orm-model] Class CommentValidatorUsed [Attribute text] | provenance |  |
-| testapp/orm_security_tests.py:120:5:120:11 | ControlFlowNode for comment [Attribute text] | testapp/orm_security_tests.py:121:25:121:31 | ControlFlowNode for comment [Attribute text] | provenance |  |
-| testapp/orm_security_tests.py:120:15:120:49 | ControlFlowNode for Attribute() [Attribute text] | testapp/orm_security_tests.py:120:5:120:11 | ControlFlowNode for comment [Attribute text] | provenance |  |
-| testapp/orm_security_tests.py:121:25:121:31 | ControlFlowNode for comment [Attribute text] | testapp/orm_security_tests.py:121:25:121:36 | ControlFlowNode for Attribute | provenance |  |
+| testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute age] | testapp/orm_security_tests.py:42:23:42:42 | After Attribute() [empty] [List element, Attribute age] | provenance |  |
+| testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute age] | testapp/orm_security_tests.py:51:14:51:53 | After Attribute() [Attribute age] | provenance |  |
+| testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute name] | testapp/orm_security_tests.py:42:23:42:42 | After Attribute() [empty] [List element, Attribute name] | provenance |  |
+| testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute name] | testapp/orm_security_tests.py:47:14:47:53 | After Attribute() [Attribute name] | provenance |  |
+| testapp/orm_security_tests.py:19:12:19:18 | request | testapp/orm_security_tests.py:22:23:22:42 | After Subscript | provenance | AdditionalTaintStep |
+| testapp/orm_security_tests.py:19:12:19:18 | request | testapp/orm_security_tests.py:23:22:23:40 | After Subscript | provenance | AdditionalTaintStep |
+| testapp/orm_security_tests.py:22:9:22:14 | [post] person [Attribute name] | testapp/orm_security_tests.py:23:9:23:14 | person [Attribute name] | provenance |  |
+| testapp/orm_security_tests.py:22:23:22:42 | After Subscript | testapp/orm_security_tests.py:22:9:22:14 | [post] person [Attribute name] | provenance |  |
+| testapp/orm_security_tests.py:23:9:23:14 | [post] person [Attribute age] | testapp/orm_security_tests.py:28:9:28:14 | person [Attribute age] | provenance |  |
+| testapp/orm_security_tests.py:23:9:23:14 | person [Attribute name] | testapp/orm_security_tests.py:28:9:28:14 | person [Attribute name] | provenance |  |
+| testapp/orm_security_tests.py:23:22:23:40 | After Subscript | testapp/orm_security_tests.py:23:9:23:14 | [post] person [Attribute age] | provenance |  |
+| testapp/orm_security_tests.py:28:9:28:14 | person [Attribute age] | testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute age] | provenance |  |
+| testapp/orm_security_tests.py:28:9:28:14 | person [Attribute name] | testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute name] | provenance |  |
+| testapp/orm_security_tests.py:42:13:42:18 | person [Attribute age] | testapp/orm_security_tests.py:43:62:43:67 | person [Attribute age] | provenance |  |
+| testapp/orm_security_tests.py:42:13:42:18 | person [Attribute name] | testapp/orm_security_tests.py:43:49:43:54 | person [Attribute name] | provenance |  |
+| testapp/orm_security_tests.py:42:23:42:42 | After Attribute() [empty] [List element, Attribute age] | testapp/orm_security_tests.py:42:13:42:18 | person [Attribute age] | provenance |  |
+| testapp/orm_security_tests.py:42:23:42:42 | After Attribute() [empty] [List element, Attribute name] | testapp/orm_security_tests.py:42:13:42:18 | person [Attribute name] | provenance |  |
+| testapp/orm_security_tests.py:43:13:43:21 | resp_text | testapp/orm_security_tests.py:44:29:44:37 | resp_text | provenance |  |
+| testapp/orm_security_tests.py:43:49:43:54 | person [Attribute name] | testapp/orm_security_tests.py:43:49:43:59 | After Attribute | provenance |  |
+| testapp/orm_security_tests.py:43:49:43:59 | After Attribute | testapp/orm_security_tests.py:43:13:43:21 | resp_text | provenance |  |
+| testapp/orm_security_tests.py:43:62:43:67 | person [Attribute age] | testapp/orm_security_tests.py:43:62:43:71 | After Attribute | provenance |  |
+| testapp/orm_security_tests.py:43:62:43:71 | After Attribute | testapp/orm_security_tests.py:43:13:43:21 | resp_text | provenance |  |
+| testapp/orm_security_tests.py:47:5:47:10 | person [Attribute name] | testapp/orm_security_tests.py:48:46:48:51 | person [Attribute name] | provenance |  |
+| testapp/orm_security_tests.py:47:14:47:53 | After Attribute() [Attribute name] | testapp/orm_security_tests.py:47:5:47:10 | person [Attribute name] | provenance |  |
+| testapp/orm_security_tests.py:48:46:48:51 | person [Attribute name] | testapp/orm_security_tests.py:48:46:48:56 | After Attribute | provenance |  |
+| testapp/orm_security_tests.py:48:46:48:56 | After Attribute | testapp/orm_security_tests.py:48:25:48:57 | After Attribute() | provenance |  |
+| testapp/orm_security_tests.py:51:5:51:10 | person [Attribute age] | testapp/orm_security_tests.py:55:45:55:50 | person [Attribute age] | provenance |  |
+| testapp/orm_security_tests.py:51:14:51:53 | After Attribute() [Attribute age] | testapp/orm_security_tests.py:51:5:51:10 | person [Attribute age] | provenance |  |
+| testapp/orm_security_tests.py:55:45:55:50 | person [Attribute age] | testapp/orm_security_tests.py:55:45:55:54 | After Attribute | provenance |  |
+| testapp/orm_security_tests.py:55:45:55:54 | After Attribute | testapp/orm_security_tests.py:55:25:55:55 | After Attribute() | provenance |  |
+| testapp/orm_security_tests.py:92:1:92:44 | [orm-model] Class CommentValidatorNotUsed [Attribute text] | testapp/orm_security_tests.py:101:15:101:52 | After Attribute() [Attribute text] | provenance |  |
+| testapp/orm_security_tests.py:95:37:95:43 | request | testapp/orm_security_tests.py:96:44:96:63 | After Subscript | provenance | AdditionalTaintStep |
+| testapp/orm_security_tests.py:96:5:96:11 | comment [Attribute text] | testapp/orm_security_tests.py:97:5:97:11 | comment [Attribute text] | provenance |  |
+| testapp/orm_security_tests.py:96:15:96:64 | After CommentValidatorNotUsed() [Attribute text] | testapp/orm_security_tests.py:96:5:96:11 | comment [Attribute text] | provenance |  |
+| testapp/orm_security_tests.py:96:44:96:63 | After Subscript | testapp/orm_security_tests.py:96:15:96:64 | After CommentValidatorNotUsed() [Attribute text] | provenance |  |
+| testapp/orm_security_tests.py:97:5:97:11 | comment [Attribute text] | testapp/orm_security_tests.py:92:1:92:44 | [orm-model] Class CommentValidatorNotUsed [Attribute text] | provenance |  |
+| testapp/orm_security_tests.py:101:5:101:11 | comment [Attribute text] | testapp/orm_security_tests.py:102:25:102:31 | comment [Attribute text] | provenance |  |
+| testapp/orm_security_tests.py:101:15:101:52 | After Attribute() [Attribute text] | testapp/orm_security_tests.py:101:5:101:11 | comment [Attribute text] | provenance |  |
+| testapp/orm_security_tests.py:102:25:102:31 | comment [Attribute text] | testapp/orm_security_tests.py:102:25:102:36 | After Attribute | provenance |  |
+| testapp/orm_security_tests.py:111:1:111:41 | [orm-model] Class CommentValidatorUsed [Attribute text] | testapp/orm_security_tests.py:120:15:120:49 | After Attribute() [Attribute text] | provenance |  |
+| testapp/orm_security_tests.py:114:33:114:39 | request | testapp/orm_security_tests.py:115:41:115:60 | After Subscript | provenance | AdditionalTaintStep |
+| testapp/orm_security_tests.py:115:5:115:11 | comment [Attribute text] | testapp/orm_security_tests.py:117:5:117:11 | comment [Attribute text] | provenance |  |
+| testapp/orm_security_tests.py:115:15:115:61 | After CommentValidatorUsed() [Attribute text] | testapp/orm_security_tests.py:115:5:115:11 | comment [Attribute text] | provenance |  |
+| testapp/orm_security_tests.py:115:41:115:60 | After Subscript | testapp/orm_security_tests.py:115:15:115:61 | After CommentValidatorUsed() [Attribute text] | provenance |  |
+| testapp/orm_security_tests.py:117:5:117:11 | comment [Attribute text] | testapp/orm_security_tests.py:111:1:111:41 | [orm-model] Class CommentValidatorUsed [Attribute text] | provenance |  |
+| testapp/orm_security_tests.py:120:5:120:11 | comment [Attribute text] | testapp/orm_security_tests.py:121:25:121:31 | comment [Attribute text] | provenance |  |
+| testapp/orm_security_tests.py:120:15:120:49 | After Attribute() [Attribute text] | testapp/orm_security_tests.py:120:5:120:11 | comment [Attribute text] | provenance |  |
+| testapp/orm_security_tests.py:121:25:121:31 | comment [Attribute text] | testapp/orm_security_tests.py:121:25:121:36 | After Attribute | provenance |  |
 nodes
 | testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute age] | semmle.label | [orm-model] Class Person [Attribute age] |
 | testapp/orm_security_tests.py:15:1:15:27 | [orm-model] Class Person [Attribute name] | semmle.label | [orm-model] Class Person [Attribute name] |
-| testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| testapp/orm_security_tests.py:22:9:22:14 | [post] ControlFlowNode for person [Attribute name] | semmle.label | [post] ControlFlowNode for person [Attribute name] |
-| testapp/orm_security_tests.py:22:23:22:42 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| testapp/orm_security_tests.py:23:9:23:14 | ControlFlowNode for person [Attribute name] | semmle.label | ControlFlowNode for person [Attribute name] |
-| testapp/orm_security_tests.py:23:9:23:14 | [post] ControlFlowNode for person [Attribute age] | semmle.label | [post] ControlFlowNode for person [Attribute age] |
-| testapp/orm_security_tests.py:23:22:23:40 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| testapp/orm_security_tests.py:28:9:28:14 | ControlFlowNode for person [Attribute age] | semmle.label | ControlFlowNode for person [Attribute age] |
-| testapp/orm_security_tests.py:28:9:28:14 | ControlFlowNode for person [Attribute name] | semmle.label | ControlFlowNode for person [Attribute name] |
-| testapp/orm_security_tests.py:42:13:42:18 | ControlFlowNode for person [Attribute age] | semmle.label | ControlFlowNode for person [Attribute age] |
-| testapp/orm_security_tests.py:42:13:42:18 | ControlFlowNode for person [Attribute name] | semmle.label | ControlFlowNode for person [Attribute name] |
-| testapp/orm_security_tests.py:42:23:42:42 | ControlFlowNode for Attribute() [List element, Attribute age] | semmle.label | ControlFlowNode for Attribute() [List element, Attribute age] |
-| testapp/orm_security_tests.py:42:23:42:42 | ControlFlowNode for Attribute() [List element, Attribute name] | semmle.label | ControlFlowNode for Attribute() [List element, Attribute name] |
-| testapp/orm_security_tests.py:43:13:43:21 | ControlFlowNode for resp_text | semmle.label | ControlFlowNode for resp_text |
-| testapp/orm_security_tests.py:43:49:43:54 | ControlFlowNode for person [Attribute name] | semmle.label | ControlFlowNode for person [Attribute name] |
-| testapp/orm_security_tests.py:43:49:43:59 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| testapp/orm_security_tests.py:43:62:43:67 | ControlFlowNode for person [Attribute age] | semmle.label | ControlFlowNode for person [Attribute age] |
-| testapp/orm_security_tests.py:43:62:43:71 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| testapp/orm_security_tests.py:44:29:44:37 | ControlFlowNode for resp_text | semmle.label | ControlFlowNode for resp_text |
-| testapp/orm_security_tests.py:47:5:47:10 | ControlFlowNode for person [Attribute name] | semmle.label | ControlFlowNode for person [Attribute name] |
-| testapp/orm_security_tests.py:47:14:47:53 | ControlFlowNode for Attribute() [Attribute name] | semmle.label | ControlFlowNode for Attribute() [Attribute name] |
-| testapp/orm_security_tests.py:48:25:48:57 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| testapp/orm_security_tests.py:48:46:48:51 | ControlFlowNode for person [Attribute name] | semmle.label | ControlFlowNode for person [Attribute name] |
-| testapp/orm_security_tests.py:48:46:48:56 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| testapp/orm_security_tests.py:51:5:51:10 | ControlFlowNode for person [Attribute age] | semmle.label | ControlFlowNode for person [Attribute age] |
-| testapp/orm_security_tests.py:51:14:51:53 | ControlFlowNode for Attribute() [Attribute age] | semmle.label | ControlFlowNode for Attribute() [Attribute age] |
-| testapp/orm_security_tests.py:55:25:55:55 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| testapp/orm_security_tests.py:55:45:55:50 | ControlFlowNode for person [Attribute age] | semmle.label | ControlFlowNode for person [Attribute age] |
-| testapp/orm_security_tests.py:55:45:55:54 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
+| testapp/orm_security_tests.py:19:12:19:18 | request | semmle.label | request |
+| testapp/orm_security_tests.py:22:9:22:14 | [post] person [Attribute name] | semmle.label | [post] person [Attribute name] |
+| testapp/orm_security_tests.py:22:23:22:42 | After Subscript | semmle.label | After Subscript |
+| testapp/orm_security_tests.py:23:9:23:14 | [post] person [Attribute age] | semmle.label | [post] person [Attribute age] |
+| testapp/orm_security_tests.py:23:9:23:14 | person [Attribute name] | semmle.label | person [Attribute name] |
+| testapp/orm_security_tests.py:23:22:23:40 | After Subscript | semmle.label | After Subscript |
+| testapp/orm_security_tests.py:28:9:28:14 | person [Attribute age] | semmle.label | person [Attribute age] |
+| testapp/orm_security_tests.py:28:9:28:14 | person [Attribute name] | semmle.label | person [Attribute name] |
+| testapp/orm_security_tests.py:42:13:42:18 | person [Attribute age] | semmle.label | person [Attribute age] |
+| testapp/orm_security_tests.py:42:13:42:18 | person [Attribute name] | semmle.label | person [Attribute name] |
+| testapp/orm_security_tests.py:42:23:42:42 | After Attribute() [empty] [List element, Attribute age] | semmle.label | After Attribute() [empty] [List element, Attribute age] |
+| testapp/orm_security_tests.py:42:23:42:42 | After Attribute() [empty] [List element, Attribute name] | semmle.label | After Attribute() [empty] [List element, Attribute name] |
+| testapp/orm_security_tests.py:43:13:43:21 | resp_text | semmle.label | resp_text |
+| testapp/orm_security_tests.py:43:49:43:54 | person [Attribute name] | semmle.label | person [Attribute name] |
+| testapp/orm_security_tests.py:43:49:43:59 | After Attribute | semmle.label | After Attribute |
+| testapp/orm_security_tests.py:43:62:43:67 | person [Attribute age] | semmle.label | person [Attribute age] |
+| testapp/orm_security_tests.py:43:62:43:71 | After Attribute | semmle.label | After Attribute |
+| testapp/orm_security_tests.py:44:29:44:37 | resp_text | semmle.label | resp_text |
+| testapp/orm_security_tests.py:47:5:47:10 | person [Attribute name] | semmle.label | person [Attribute name] |
+| testapp/orm_security_tests.py:47:14:47:53 | After Attribute() [Attribute name] | semmle.label | After Attribute() [Attribute name] |
+| testapp/orm_security_tests.py:48:25:48:57 | After Attribute() | semmle.label | After Attribute() |
+| testapp/orm_security_tests.py:48:46:48:51 | person [Attribute name] | semmle.label | person [Attribute name] |
+| testapp/orm_security_tests.py:48:46:48:56 | After Attribute | semmle.label | After Attribute |
+| testapp/orm_security_tests.py:51:5:51:10 | person [Attribute age] | semmle.label | person [Attribute age] |
+| testapp/orm_security_tests.py:51:14:51:53 | After Attribute() [Attribute age] | semmle.label | After Attribute() [Attribute age] |
+| testapp/orm_security_tests.py:55:25:55:55 | After Attribute() | semmle.label | After Attribute() |
+| testapp/orm_security_tests.py:55:45:55:50 | person [Attribute age] | semmle.label | person [Attribute age] |
+| testapp/orm_security_tests.py:55:45:55:54 | After Attribute | semmle.label | After Attribute |
 | testapp/orm_security_tests.py:92:1:92:44 | [orm-model] Class CommentValidatorNotUsed [Attribute text] | semmle.label | [orm-model] Class CommentValidatorNotUsed [Attribute text] |
-| testapp/orm_security_tests.py:95:37:95:43 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| testapp/orm_security_tests.py:96:5:96:11 | ControlFlowNode for comment [Attribute text] | semmle.label | ControlFlowNode for comment [Attribute text] |
-| testapp/orm_security_tests.py:96:15:96:64 | ControlFlowNode for CommentValidatorNotUsed() [Attribute text] | semmle.label | ControlFlowNode for CommentValidatorNotUsed() [Attribute text] |
-| testapp/orm_security_tests.py:96:44:96:63 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| testapp/orm_security_tests.py:97:5:97:11 | ControlFlowNode for comment [Attribute text] | semmle.label | ControlFlowNode for comment [Attribute text] |
-| testapp/orm_security_tests.py:101:5:101:11 | ControlFlowNode for comment [Attribute text] | semmle.label | ControlFlowNode for comment [Attribute text] |
-| testapp/orm_security_tests.py:101:15:101:52 | ControlFlowNode for Attribute() [Attribute text] | semmle.label | ControlFlowNode for Attribute() [Attribute text] |
-| testapp/orm_security_tests.py:102:25:102:31 | ControlFlowNode for comment [Attribute text] | semmle.label | ControlFlowNode for comment [Attribute text] |
-| testapp/orm_security_tests.py:102:25:102:36 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
+| testapp/orm_security_tests.py:95:37:95:43 | request | semmle.label | request |
+| testapp/orm_security_tests.py:96:5:96:11 | comment [Attribute text] | semmle.label | comment [Attribute text] |
+| testapp/orm_security_tests.py:96:15:96:64 | After CommentValidatorNotUsed() [Attribute text] | semmle.label | After CommentValidatorNotUsed() [Attribute text] |
+| testapp/orm_security_tests.py:96:44:96:63 | After Subscript | semmle.label | After Subscript |
+| testapp/orm_security_tests.py:97:5:97:11 | comment [Attribute text] | semmle.label | comment [Attribute text] |
+| testapp/orm_security_tests.py:101:5:101:11 | comment [Attribute text] | semmle.label | comment [Attribute text] |
+| testapp/orm_security_tests.py:101:15:101:52 | After Attribute() [Attribute text] | semmle.label | After Attribute() [Attribute text] |
+| testapp/orm_security_tests.py:102:25:102:31 | comment [Attribute text] | semmle.label | comment [Attribute text] |
+| testapp/orm_security_tests.py:102:25:102:36 | After Attribute | semmle.label | After Attribute |
 | testapp/orm_security_tests.py:111:1:111:41 | [orm-model] Class CommentValidatorUsed [Attribute text] | semmle.label | [orm-model] Class CommentValidatorUsed [Attribute text] |
-| testapp/orm_security_tests.py:114:33:114:39 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| testapp/orm_security_tests.py:115:5:115:11 | ControlFlowNode for comment [Attribute text] | semmle.label | ControlFlowNode for comment [Attribute text] |
-| testapp/orm_security_tests.py:115:15:115:61 | ControlFlowNode for CommentValidatorUsed() [Attribute text] | semmle.label | ControlFlowNode for CommentValidatorUsed() [Attribute text] |
-| testapp/orm_security_tests.py:115:41:115:60 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| testapp/orm_security_tests.py:117:5:117:11 | ControlFlowNode for comment [Attribute text] | semmle.label | ControlFlowNode for comment [Attribute text] |
-| testapp/orm_security_tests.py:120:5:120:11 | ControlFlowNode for comment [Attribute text] | semmle.label | ControlFlowNode for comment [Attribute text] |
-| testapp/orm_security_tests.py:120:15:120:49 | ControlFlowNode for Attribute() [Attribute text] | semmle.label | ControlFlowNode for Attribute() [Attribute text] |
-| testapp/orm_security_tests.py:121:25:121:31 | ControlFlowNode for comment [Attribute text] | semmle.label | ControlFlowNode for comment [Attribute text] |
-| testapp/orm_security_tests.py:121:25:121:36 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
+| testapp/orm_security_tests.py:114:33:114:39 | request | semmle.label | request |
+| testapp/orm_security_tests.py:115:5:115:11 | comment [Attribute text] | semmle.label | comment [Attribute text] |
+| testapp/orm_security_tests.py:115:15:115:61 | After CommentValidatorUsed() [Attribute text] | semmle.label | After CommentValidatorUsed() [Attribute text] |
+| testapp/orm_security_tests.py:115:41:115:60 | After Subscript | semmle.label | After Subscript |
+| testapp/orm_security_tests.py:117:5:117:11 | comment [Attribute text] | semmle.label | comment [Attribute text] |
+| testapp/orm_security_tests.py:120:5:120:11 | comment [Attribute text] | semmle.label | comment [Attribute text] |
+| testapp/orm_security_tests.py:120:15:120:49 | After Attribute() [Attribute text] | semmle.label | After Attribute() [Attribute text] |
+| testapp/orm_security_tests.py:121:25:121:31 | comment [Attribute text] | semmle.label | comment [Attribute text] |
+| testapp/orm_security_tests.py:121:25:121:36 | After Attribute | semmle.label | After Attribute |
 subpaths
 #select
-| testapp/orm_security_tests.py:44:29:44:37 | ControlFlowNode for resp_text | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | testapp/orm_security_tests.py:44:29:44:37 | ControlFlowNode for resp_text | Cross-site scripting vulnerability due to a $@. | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | user-provided value |
-| testapp/orm_security_tests.py:48:25:48:57 | ControlFlowNode for Attribute() | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | testapp/orm_security_tests.py:48:25:48:57 | ControlFlowNode for Attribute() | Cross-site scripting vulnerability due to a $@. | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | user-provided value |
-| testapp/orm_security_tests.py:55:25:55:55 | ControlFlowNode for Attribute() | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | testapp/orm_security_tests.py:55:25:55:55 | ControlFlowNode for Attribute() | Cross-site scripting vulnerability due to a $@. | testapp/orm_security_tests.py:19:12:19:18 | ControlFlowNode for request | user-provided value |
-| testapp/orm_security_tests.py:102:25:102:36 | ControlFlowNode for Attribute | testapp/orm_security_tests.py:95:37:95:43 | ControlFlowNode for request | testapp/orm_security_tests.py:102:25:102:36 | ControlFlowNode for Attribute | Cross-site scripting vulnerability due to a $@. | testapp/orm_security_tests.py:95:37:95:43 | ControlFlowNode for request | user-provided value |
-| testapp/orm_security_tests.py:121:25:121:36 | ControlFlowNode for Attribute | testapp/orm_security_tests.py:114:33:114:39 | ControlFlowNode for request | testapp/orm_security_tests.py:121:25:121:36 | ControlFlowNode for Attribute | Cross-site scripting vulnerability due to a $@. | testapp/orm_security_tests.py:114:33:114:39 | ControlFlowNode for request | user-provided value |
+| testapp/orm_security_tests.py:44:29:44:37 | resp_text | testapp/orm_security_tests.py:19:12:19:18 | request | testapp/orm_security_tests.py:44:29:44:37 | resp_text | Cross-site scripting vulnerability due to a $@. | testapp/orm_security_tests.py:19:12:19:18 | request | user-provided value |
+| testapp/orm_security_tests.py:48:25:48:57 | After Attribute() | testapp/orm_security_tests.py:19:12:19:18 | request | testapp/orm_security_tests.py:48:25:48:57 | After Attribute() | Cross-site scripting vulnerability due to a $@. | testapp/orm_security_tests.py:19:12:19:18 | request | user-provided value |
+| testapp/orm_security_tests.py:55:25:55:55 | After Attribute() | testapp/orm_security_tests.py:19:12:19:18 | request | testapp/orm_security_tests.py:55:25:55:55 | After Attribute() | Cross-site scripting vulnerability due to a $@. | testapp/orm_security_tests.py:19:12:19:18 | request | user-provided value |
+| testapp/orm_security_tests.py:102:25:102:36 | After Attribute | testapp/orm_security_tests.py:95:37:95:43 | request | testapp/orm_security_tests.py:102:25:102:36 | After Attribute | Cross-site scripting vulnerability due to a $@. | testapp/orm_security_tests.py:95:37:95:43 | request | user-provided value |
+| testapp/orm_security_tests.py:121:25:121:36 | After Attribute | testapp/orm_security_tests.py:114:33:114:39 | request | testapp/orm_security_tests.py:121:25:121:36 | After Attribute | Cross-site scripting vulnerability due to a $@. | testapp/orm_security_tests.py:114:33:114:39 | request | user-provided value |
--- a/python/ql/test/library-tests/frameworks/fastapi/ConceptsTest.expected
+++ b/python/ql/test/library-tests/frameworks/fastapi/ConceptsTest.expected
@@ -0,0 +1,45 @@
+| response_test.py:11:30:11:37 | Parameter | Unexpected result: routedParameter=response |
+| response_test.py:12:41:12:151 | Comment # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieHttpOnly=false |
+| response_test.py:12:41:12:151 | Comment # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieName="key" |
+| response_test.py:12:41:12:151 | Comment # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieSameSite=Lax |
+| response_test.py:12:41:12:151 | Comment # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieSecure=false |
+| response_test.py:12:41:12:151 | Comment # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieValue="value" |
+| response_test.py:12:41:12:151 | Comment # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieWrite |
+| response_test.py:13:51:13:161 | Comment # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieHttpOnly=false |
+| response_test.py:13:51:13:161 | Comment # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieName="key" |
+| response_test.py:13:51:13:161 | Comment # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieSameSite=Lax |
+| response_test.py:13:51:13:161 | Comment # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieSecure=false |
+| response_test.py:13:51:13:161 | Comment # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieValue="value" |
+| response_test.py:13:51:13:161 | Comment # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieWrite |
+| response_test.py:14:96:14:205 | Comment # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=true CookieSameSite=Lax | Missing result: CookieHttpOnly=true |
+| response_test.py:14:96:14:205 | Comment # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=true CookieSameSite=Lax | Missing result: CookieName="key" |
+| response_test.py:14:96:14:205 | Comment # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=true CookieSameSite=Lax | Missing result: CookieSameSite=Lax |
+| response_test.py:14:96:14:205 | Comment # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=true CookieSameSite=Lax | Missing result: CookieSecure=false |
+| response_test.py:14:96:14:205 | Comment # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=true CookieSameSite=Lax | Missing result: CookieValue="value" |
+| response_test.py:14:96:14:205 | Comment # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=true CookieSameSite=Lax | Missing result: CookieWrite |
+| response_test.py:15:58:15:221 | Comment # $ headerWriteName="Set-Cookie" headerWriteValue="key2=value2" CookieWrite CookieRawHeader="key2=value2" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieHttpOnly=false |
+| response_test.py:15:58:15:221 | Comment # $ headerWriteName="Set-Cookie" headerWriteValue="key2=value2" CookieWrite CookieRawHeader="key2=value2" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieRawHeader="key2=value2" |
+| response_test.py:15:58:15:221 | Comment # $ headerWriteName="Set-Cookie" headerWriteValue="key2=value2" CookieWrite CookieRawHeader="key2=value2" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieSameSite=Lax |
+| response_test.py:15:58:15:221 | Comment # $ headerWriteName="Set-Cookie" headerWriteValue="key2=value2" CookieWrite CookieRawHeader="key2=value2" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieSecure=false |
+| response_test.py:15:58:15:221 | Comment # $ headerWriteName="Set-Cookie" headerWriteValue="key2=value2" CookieWrite CookieRawHeader="key2=value2" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieWrite |
+| response_test.py:15:58:15:221 | Comment # $ headerWriteName="Set-Cookie" headerWriteValue="key2=value2" CookieWrite CookieRawHeader="key2=value2" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: headerWriteName="Set-Cookie" |
+| response_test.py:15:58:15:221 | Comment # $ headerWriteName="Set-Cookie" headerWriteValue="key2=value2" CookieWrite CookieRawHeader="key2=value2" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: headerWriteValue="key2=value2" |
+| response_test.py:16:68:16:231 | Comment # $ headerWriteName="Set-Cookie" headerWriteValue="key2=value2" CookieWrite CookieRawHeader="key2=value2" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieHttpOnly=false |
+| response_test.py:16:68:16:231 | Comment # $ headerWriteName="Set-Cookie" headerWriteValue="key2=value2" CookieWrite CookieRawHeader="key2=value2" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieRawHeader="key2=value2" |
+| response_test.py:16:68:16:231 | Comment # $ headerWriteName="Set-Cookie" headerWriteValue="key2=value2" CookieWrite CookieRawHeader="key2=value2" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieSameSite=Lax |
+| response_test.py:16:68:16:231 | Comment # $ headerWriteName="Set-Cookie" headerWriteValue="key2=value2" CookieWrite CookieRawHeader="key2=value2" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieSecure=false |
+| response_test.py:16:68:16:231 | Comment # $ headerWriteName="Set-Cookie" headerWriteValue="key2=value2" CookieWrite CookieRawHeader="key2=value2" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieWrite |
+| response_test.py:16:68:16:231 | Comment # $ headerWriteName="Set-Cookie" headerWriteValue="key2=value2" CookieWrite CookieRawHeader="key2=value2" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: headerWriteName="Set-Cookie" |
+| response_test.py:16:68:16:231 | Comment # $ headerWriteName="Set-Cookie" headerWriteValue="key2=value2" CookieWrite CookieRawHeader="key2=value2" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: headerWriteValue="key2=value2" |
+| response_test.py:17:53:17:116 | Comment # $ headerWriteName="X-MyHeader" headerWriteValue="header-value" | Missing result: headerWriteName="X-MyHeader" |
+| response_test.py:17:53:17:116 | Comment # $ headerWriteName="X-MyHeader" headerWriteValue="header-value" | Missing result: headerWriteValue="header-value" |
+| response_test.py:23:26:23:29 | Parameter | Unexpected result: routedParameter=resp |
+| response_test.py:41:42:41:49 | Parameter | Unexpected result: routedParameter=response |
+| response_test.py:48:41:48:151 | Comment # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieHttpOnly=false |
+| response_test.py:48:41:48:151 | Comment # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieName="key" |
+| response_test.py:48:41:48:151 | Comment # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieSameSite=Lax |
+| response_test.py:48:41:48:151 | Comment # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieSecure=false |
+| response_test.py:48:41:48:151 | Comment # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieValue="value" |
+| response_test.py:48:41:48:151 | Comment # $ CookieWrite CookieName="key" CookieValue="value" CookieSecure=false CookieHttpOnly=false CookieSameSite=Lax | Missing result: CookieWrite |
+| response_test.py:49:87:49:184 | Comment # $ headerWriteName="Custom-Response-Type" headerWriteValue="yes, but only after function has run" | Missing result: headerWriteName="Custom-Response-Type" |
+| response_test.py:49:87:49:184 | Comment # $ headerWriteName="Custom-Response-Type" headerWriteValue="yes, but only after function has run" | Missing result: headerWriteValue="yes, but only after function has run" |
--- a/python/ql/test/library-tests/frameworks/fastapi/InlineTaintTest.expected
+++ b/python/ql/test/library-tests/frameworks/fastapi/InlineTaintTest.expected
@@ -1,3 +1,107 @@
 argumentToEnsureNotTaintedNotMarkedAsSpurious
 untaintedArgumentToEnsureTaintedNotMarkedAsMissing
+| taint_test.py:33:9:33:24 | taint_test.py:33 | ERROR, you should add `# $ MISSING: tainted` annotation | also_input.field |
+| taint_test.py:35:9:35:27 | taint_test.py:35 | ERROR, you should add `# $ MISSING: tainted` annotation | also_input.main_foo |
+| taint_test.py:36:9:36:31 | taint_test.py:36 | ERROR, you should add `# $ MISSING: tainted` annotation | also_input.main_foo.foo |
+| taint_test.py:38:9:38:29 | taint_test.py:38 | ERROR, you should add `# $ MISSING: tainted` annotation | also_input.other_foos |
+| taint_test.py:39:9:39:32 | taint_test.py:39 | ERROR, you should add `# $ MISSING: tainted` annotation | also_input.other_foos[0] |
+| taint_test.py:40:9:40:36 | taint_test.py:40 | ERROR, you should add `# $ MISSING: tainted` annotation | also_input.other_foos[0].foo |
+| taint_test.py:43:9:43:30 | taint_test.py:43 | ERROR, you should add `# $ MISSING: tainted` annotation | also_input.nested_foos |
+| taint_test.py:44:9:44:33 | taint_test.py:44 | ERROR, you should add `# $ MISSING: tainted` annotation | also_input.nested_foos[0] |
+| taint_test.py:45:9:45:36 | taint_test.py:45 | ERROR, you should add `# $ MISSING: tainted` annotation | also_input.nested_foos[0][0] |
+| taint_test.py:46:9:46:40 | taint_test.py:46 | ERROR, you should add `# $ MISSING: tainted` annotation | also_input.nested_foos[0][0].foo |
+| taint_test.py:52:9:52:18 | taint_test.py:52 | ERROR, you should add `# $ MISSING: tainted` annotation | other_foos |
+| taint_test.py:53:9:53:21 | taint_test.py:53 | ERROR, you should add `# $ MISSING: tainted` annotation | other_foos[0] |
+| taint_test.py:54:9:54:25 | taint_test.py:54 | ERROR, you should add `# $ MISSING: tainted` annotation | other_foos[0].foo |
+| taint_test.py:140:9:140:21 | taint_test.py:140 | ERROR, you should add `# $ MISSING: tainted` annotation | websocket.url |
+| taint_test.py:142:9:142:28 | taint_test.py:142 | ERROR, you should add `# $ MISSING: tainted` annotation | websocket.url.netloc |
+| taint_test.py:143:9:143:26 | taint_test.py:143 | ERROR, you should add `# $ MISSING: tainted` annotation | websocket.url.path |
+| taint_test.py:144:9:144:27 | taint_test.py:144 | ERROR, you should add `# $ MISSING: tainted` annotation | websocket.url.query |
+| taint_test.py:145:9:145:30 | taint_test.py:145 | ERROR, you should add `# $ MISSING: tainted` annotation | websocket.url.fragment |
+| taint_test.py:146:9:146:30 | taint_test.py:146 | ERROR, you should add `# $ MISSING: tainted` annotation | websocket.url.username |
+| taint_test.py:147:9:147:30 | taint_test.py:147 | ERROR, you should add `# $ MISSING: tainted` annotation | websocket.url.password |
+| taint_test.py:148:9:148:30 | taint_test.py:148 | ERROR, you should add `# $ MISSING: tainted` annotation | websocket.url.hostname |
+| taint_test.py:149:9:149:26 | taint_test.py:149 | ERROR, you should add `# $ MISSING: tainted` annotation | websocket.url.port |
+| taint_test.py:151:9:151:32 | taint_test.py:151 | ERROR, you should add `# $ MISSING: tainted` annotation | websocket.url.components |
+| taint_test.py:152:9:152:39 | taint_test.py:152 | ERROR, you should add `# $ MISSING: tainted` annotation | websocket.url.components.netloc |
+| taint_test.py:153:9:153:37 | taint_test.py:153 | ERROR, you should add `# $ MISSING: tainted` annotation | websocket.url.components.path |
+| taint_test.py:154:9:154:38 | taint_test.py:154 | ERROR, you should add `# $ MISSING: tainted` annotation | websocket.url.components.query |
+| taint_test.py:155:9:155:41 | taint_test.py:155 | ERROR, you should add `# $ MISSING: tainted` annotation | websocket.url.components.fragment |
+| taint_test.py:156:9:156:41 | taint_test.py:156 | ERROR, you should add `# $ MISSING: tainted` annotation | websocket.url.components.username |
+| taint_test.py:157:9:157:41 | taint_test.py:157 | ERROR, you should add `# $ MISSING: tainted` annotation | websocket.url.components.password |
+| taint_test.py:158:9:158:41 | taint_test.py:158 | ERROR, you should add `# $ MISSING: tainted` annotation | websocket.url.components.hostname |
+| taint_test.py:159:9:159:37 | taint_test.py:159 | ERROR, you should add `# $ MISSING: tainted` annotation | websocket.url.components.port |
+| taint_test.py:161:9:161:25 | taint_test.py:161 | ERROR, you should add `# $ MISSING: tainted` annotation | websocket.headers |
+| taint_test.py:162:9:162:32 | taint_test.py:162 | ERROR, you should add `# $ MISSING: tainted` annotation | websocket.headers["key"] |
+| taint_test.py:164:9:164:30 | taint_test.py:164 | ERROR, you should add `# $ MISSING: tainted` annotation | websocket.query_params |
+| taint_test.py:165:9:165:37 | taint_test.py:165 | ERROR, you should add `# $ MISSING: tainted` annotation | websocket.query_params["key"] |
+| taint_test.py:167:9:167:25 | taint_test.py:167 | ERROR, you should add `# $ MISSING: tainted` annotation | websocket.cookies |
+| taint_test.py:168:9:168:32 | taint_test.py:168 | ERROR, you should add `# $ MISSING: tainted` annotation | websocket.cookies["key"] |
+| taint_test.py:170:9:170:33 | taint_test.py:170 | ERROR, you should add `# $ MISSING: tainted` annotation | Await |
+| taint_test.py:171:9:171:39 | taint_test.py:171 | ERROR, you should add `# $ MISSING: tainted` annotation | Await |
+| taint_test.py:172:9:172:38 | taint_test.py:172 | ERROR, you should add `# $ MISSING: tainted` annotation | Await |
+| taint_test.py:173:9:173:38 | taint_test.py:173 | ERROR, you should add `# $ MISSING: tainted` annotation | Await |
+| taint_test.py:183:24:183:27 | taint_test.py:183 | ERROR, you should add `# $ MISSING: tainted` annotation | data |
+| taint_test.py:186:24:186:27 | taint_test.py:186 | ERROR, you should add `# $ MISSING: tainted` annotation | data |
+| taint_test.py:189:24:189:27 | taint_test.py:189 | ERROR, you should add `# $ MISSING: tainted` annotation | data |
+| taint_test.py:205:9:205:28 | taint_test.py:205 | ERROR, you should add `# $ MISSING: tainted` annotation | Await |
+| taint_test.py:207:9:207:28 | taint_test.py:207 | ERROR, you should add `# $ MISSING: tainted` annotation | Await |
+| taint_test.py:208:9:208:35 | taint_test.py:208 | ERROR, you should add `# $ MISSING: tainted` annotation | Await |
+| taint_test.py:211:9:211:28 | taint_test.py:211 | ERROR, you should add `# $ MISSING: tainted` annotation | Await |
+| taint_test.py:212:9:212:35 | taint_test.py:212 | ERROR, you should add `# $ MISSING: tainted` annotation | Await |
+| taint_test.py:219:9:219:23 | taint_test.py:219 | ERROR, you should add `# $ MISSING: tainted` annotation | request.cookies |
+| taint_test.py:220:9:220:30 | taint_test.py:220 | ERROR, you should add `# $ MISSING: tainted` annotation | request.cookies["key"] |
+| taint_test.py:224:24:224:28 | taint_test.py:224 | ERROR, you should add `# $ MISSING: tainted` annotation | chunk |
 testFailures
+| taint_test.py:33:27:33:37 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:35:30:35:40 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:36:34:36:44 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:38:32:38:42 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:39:35:39:45 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:40:39:40:49 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:43:33:43:43 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:44:36:44:46 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:45:39:45:49 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:46:43:46:53 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:52:21:52:31 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:53:24:53:34 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:54:28:54:38 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:140:24:140:34 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:142:31:142:41 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:143:29:143:39 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:144:30:144:40 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:145:33:145:43 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:146:33:146:43 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:147:33:147:43 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:148:33:148:43 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:149:29:149:39 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:151:35:151:45 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:152:42:152:52 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:153:40:153:50 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:154:41:154:51 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:155:44:155:54 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:156:44:156:54 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:157:44:157:54 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:158:44:158:54 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:159:40:159:50 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:161:28:161:38 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:162:35:162:45 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:164:33:164:43 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:165:40:165:50 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:167:28:167:38 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:168:35:168:45 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:170:36:170:46 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:171:42:171:52 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:172:41:172:51 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:173:41:173:51 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:183:30:183:40 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:186:30:186:40 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:189:30:189:40 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:205:31:205:41 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:207:31:207:41 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:208:38:208:48 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:211:31:211:41 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:212:38:212:48 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:219:26:219:36 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:220:33:220:43 | Comment # $ tainted | Missing result: tainted |
+| taint_test.py:224:31:224:41 | Comment # $ tainted | Missing result: tainted |
--- a/python/ql/test/library-tests/frameworks/lxml/InlineTaintTest.expected
+++ b/python/ql/test/library-tests/frameworks/lxml/InlineTaintTest.expected
@@ -1,3 +1,6 @@
 argumentToEnsureNotTaintedNotMarkedAsSpurious
 untaintedArgumentToEnsureTaintedNotMarkedAsMissing
+| taint_test.py:133:13:133:35 | taint_test.py:133 | ERROR, you should add `# $ MISSING: tainted` annotation | tree_arg.getroot().text |
 testFailures
+| taint_test.py:83:13:83:19 | ch.text | Fixed missing result: tainted |
+| taint_test.py:133:37:133:82 | Comment # $ tainted # Type tracking from the type hint | Missing result: tainted |
--- a/python/ql/test/library-tests/frameworks/sqlalchemy/ConceptsTest.expected
+++ b/python/ql/test/library-tests/frameworks/sqlalchemy/ConceptsTest.expected
@@ -0,0 +1,20 @@
+| new_tests.py:49:32:49:49 | Comment # $ getSql=raw_sql | Missing result: getSql=raw_sql |
+| new_tests.py:51:42:51:59 | Comment # $ getSql=raw_sql | Missing result: getSql=raw_sql |
+| new_tests.py:54:33:54:51 | Comment # $ getSql=text_sql | Missing result: getSql=text_sql |
+| new_tests.py:56:43:56:61 | Comment # $ getSql=text_sql | Missing result: getSql=text_sql |
+| new_tests.py:60:38:60:55 | Comment # $ getSql=raw_sql | Missing result: getSql=raw_sql |
+| new_tests.py:62:46:62:63 | Comment # $ getSql=raw_sql | Missing result: getSql=raw_sql |
+| new_tests.py:65:39:65:57 | Comment # $ getSql=text_sql | Missing result: getSql=text_sql |
+| new_tests.py:67:47:67:65 | Comment # $ getSql=text_sql | Missing result: getSql=text_sql |
+| new_tests.py:72:40:72:57 | Comment # $ getSql=raw_sql | Missing result: getSql=raw_sql |
+| new_tests.py:268:31:268:58 | Comment # $ SPURIOUS: getSql=raw_sql | Fixed spurious result: getSql=raw_sql |
+| new_tests.py:273:37:273:55 | Comment # $ getSql=text_sql | Missing result: getSql=text_sql |
+| new_tests.py:275:47:275:65 | Comment # $ getSql=text_sql | Missing result: getSql=text_sql |
+| new_tests.py:278:44:278:61 | Comment # $ getSql=raw_sql | Missing result: getSql=raw_sql |
+| new_tests.py:282:40:282:57 | Comment # $ getSql=raw_sql | Missing result: getSql=raw_sql |
+| new_tests.py:294:58:294:76 | Comment # $ getSql=text_sql | Missing result: getSql=text_sql |
+| new_tests.py:299:30:299:57 | Comment # $ SPURIOUS: getSql=raw_sql | Fixed spurious result: getSql=raw_sql |
+| new_tests.py:302:43:302:61 | Comment # $ getSql=text_sql | Missing result: getSql=text_sql |
+| new_tests.py:304:53:304:71 | Comment # $ getSql=text_sql | Missing result: getSql=text_sql |
+| new_tests.py:309:35:309:51 | Comment # $ getSql=select | Missing result: getSql=select |
+| new_tests.py:314:35:314:51 | Comment # $ getSql=select | Missing result: getSql=select |
--- a/python/ql/test/library-tests/frameworks/stdlib-py2/ConceptsTest.expected
+++ b/python/ql/test/library-tests/frameworks/stdlib-py2/ConceptsTest.expected
@@ -0,0 +1 @@
+| CodeExecution.py:2:19:2:41 | Comment # $ getCode="print(42)" | Missing result: getCode="print(42)" |
--- a/python/ql/test/library-tests/frameworks/stdlib/InlineTaintTest.expected
+++ b/python/ql/test/library-tests/frameworks/stdlib/InlineTaintTest.expected
@@ -1,3 +1,7 @@
 argumentToEnsureNotTaintedNotMarkedAsSpurious
 untaintedArgumentToEnsureTaintedNotMarkedAsMissing
+| http_server.py:43:9:43:54 | http_server.py:43 | ERROR, you should add `# $ MISSING: tainted` annotation | ListComp |
+| test_re.py:46:5:46:49 | test_re.py:46 | ERROR, you should add `# $ MISSING: tainted` annotation | ListComp |
 testFailures
+| http_server.py:43:57:43:67 | Comment # $ tainted | Missing result: tainted |
+| test_re.py:46:52:46:62 | Comment # $ tainted | Missing result: tainted |
--- a/python/ql/test/query-tests/Exceptions/general/CatchingBaseException.expected
+++ b/python/ql/test/query-tests/Exceptions/general/CatchingBaseException.expected
@@ -1,2 +1 @@
 | exceptions_test.py:7:5:7:11 | ExceptStmt | Except block directly handles BaseException. |
-| exceptions_test.py:97:5:97:25 | ExceptStmt | Except block directly handles BaseException. |
--- a/python/ql/test/query-tests/Exceptions/general/EmptyExcept.expected
+++ b/python/ql/test/query-tests/Exceptions/general/EmptyExcept.expected
@@ -3,3 +3,9 @@
 | exceptions_test.py:72:1:72:18 | ExceptStmt | 'except' clause does nothing but pass and there is no explanatory comment. |
 | exceptions_test.py:85:1:85:17 | ExceptStmt | 'except' clause does nothing but pass and there is no explanatory comment. |
 | exceptions_test.py:89:1:89:17 | ExceptStmt | 'except' clause does nothing but pass and there is no explanatory comment. |
+| exceptions_test.py:144:5:144:25 | ExceptStmt | 'except' clause does nothing but pass and there is no explanatory comment. |
+| exceptions_test.py:167:5:167:26 | ExceptStmt | 'except' clause does nothing but pass and there is no explanatory comment. |
+| exceptions_test.py:173:5:173:22 | ExceptStmt | 'except' clause does nothing but pass and there is no explanatory comment. |
+| exceptions_test.py:179:5:179:22 | ExceptStmt | 'except' clause does nothing but pass and there is no explanatory comment. |
+| exceptions_test.py:185:5:185:26 | ExceptStmt | 'except' clause does nothing but pass and there is no explanatory comment. |
+| exceptions_test.py:191:5:191:30 | ExceptStmt | 'except' clause does nothing but pass and there is no explanatory comment. |
--- a/python/ql/test/query-tests/Exceptions/general/IncorrectExceptOrder.expected
+++ b/python/ql/test/query-tests/Exceptions/general/IncorrectExceptOrder.expected
@@ -1 +1,3 @@
-| exceptions_test.py:64:1:64:22 | ExceptStmt | This except block handling $@ is unreachable; as $@ for the more general $@ always subsumes it. | file://:0:0:0:0 | AttributeError | AttributeError | exceptions_test.py:62:1:62:17 | ExceptStmt | this except block | file://:0:0:0:0 | Exception | Exception |
+#select
+testFailures
+| exceptions_test.py:64:24:64:55 | Comment # $ Alert[py/unreachable-except] | Missing result: Alert[py/unreachable-except] |
--- a/python/ql/test/query-tests/Functions/ModificationOfParameterWithDefault/ModificationOfParameterWithDefault.expected
+++ b/python/ql/test/query-tests/Functions/ModificationOfParameterWithDefault/ModificationOfParameterWithDefault.expected
@@ -1,140 +1,132 @@
 edges
-| test.py:2:12:2:12 | ControlFlowNode for l | test.py:3:5:3:5 | ControlFlowNode for l | provenance |  |
-| test.py:7:11:7:11 | ControlFlowNode for l | test.py:8:5:8:5 | ControlFlowNode for l | provenance |  |
-| test.py:12:14:12:14 | ControlFlowNode for l | test.py:13:9:13:9 | ControlFlowNode for l | provenance |  |
-| test.py:17:15:17:15 | ControlFlowNode for l | test.py:18:5:18:5 | ControlFlowNode for l | provenance |  |
-| test.py:22:15:22:15 | ControlFlowNode for l | test.py:23:5:23:5 | ControlFlowNode for l | provenance |  |
-| test.py:27:12:27:12 | ControlFlowNode for l | test.py:28:5:28:5 | ControlFlowNode for l | provenance |  |
-| test.py:38:13:38:13 | ControlFlowNode for l | test.py:39:5:39:5 | ControlFlowNode for l | provenance |  |
-| test.py:43:14:43:14 | ControlFlowNode for l | test.py:44:13:44:13 | ControlFlowNode for l | provenance |  |
-| test.py:44:13:44:13 | ControlFlowNode for l | test.py:38:13:38:13 | ControlFlowNode for l | provenance |  |
-| test.py:48:14:48:14 | ControlFlowNode for l | test.py:49:5:49:5 | ControlFlowNode for l | provenance |  |
-| test.py:53:10:53:10 | ControlFlowNode for d | test.py:54:5:54:5 | ControlFlowNode for d | provenance |  |
-| test.py:58:19:58:19 | ControlFlowNode for d | test.py:59:5:59:5 | ControlFlowNode for d | provenance |  |
-| test.py:63:28:63:28 | ControlFlowNode for d | test.py:64:5:64:5 | ControlFlowNode for d | provenance |  |
-| test.py:67:14:67:14 | ControlFlowNode for d | test.py:68:5:68:5 | ControlFlowNode for d | provenance |  |
-| test.py:72:19:72:19 | ControlFlowNode for d | test.py:73:14:73:14 | ControlFlowNode for d | provenance |  |
-| test.py:73:14:73:14 | ControlFlowNode for d | test.py:67:14:67:14 | ControlFlowNode for d | provenance |  |
-| test.py:77:17:77:17 | ControlFlowNode for d | test.py:78:5:78:5 | ControlFlowNode for d | provenance |  |
-| test.py:82:26:82:26 | ControlFlowNode for d | test.py:83:5:83:5 | ControlFlowNode for d | provenance |  |
-| test.py:87:35:87:35 | ControlFlowNode for d | test.py:88:5:88:5 | ControlFlowNode for d | provenance |  |
-| test.py:91:21:91:21 | ControlFlowNode for d | test.py:92:5:92:5 | ControlFlowNode for d | provenance |  |
-| test.py:96:26:96:26 | ControlFlowNode for d | test.py:97:21:97:21 | ControlFlowNode for d | provenance |  |
-| test.py:97:21:97:21 | ControlFlowNode for d | test.py:91:21:91:21 | ControlFlowNode for d | provenance |  |
-| test.py:108:14:108:14 | ControlFlowNode for d | test.py:109:9:109:9 | ControlFlowNode for d | provenance |  |
-| test.py:113:20:113:20 | ControlFlowNode for d | test.py:115:5:115:5 | ControlFlowNode for d | provenance |  |
-| test.py:119:29:119:29 | ControlFlowNode for d | test.py:121:5:121:5 | ControlFlowNode for d | provenance |  |
-| test.py:124:15:124:15 | ControlFlowNode for l | test.py:128:9:128:9 | ControlFlowNode for l | provenance |  |
-| test.py:131:23:131:23 | ControlFlowNode for l | test.py:135:9:135:9 | ControlFlowNode for l | provenance |  |
-| test.py:138:15:138:15 | ControlFlowNode for l | test.py:140:9:140:9 | ControlFlowNode for l | provenance |  |
-| test.py:145:23:145:23 | ControlFlowNode for l | test.py:147:9:147:9 | ControlFlowNode for l | provenance |  |
-| test.py:153:25:153:25 | ControlFlowNode for x | test.py:154:5:154:5 | ControlFlowNode for x | provenance |  |
-| test.py:156:21:156:21 | ControlFlowNode for x | test.py:157:5:157:5 | ControlFlowNode for x | provenance |  |
-| test.py:159:27:159:27 | ControlFlowNode for y | test.py:160:25:160:25 | ControlFlowNode for y | provenance |  |
-| test.py:159:27:159:27 | ControlFlowNode for y | test.py:161:21:161:21 | ControlFlowNode for y | provenance |  |
-| test.py:160:25:160:25 | ControlFlowNode for y | test.py:153:25:153:25 | ControlFlowNode for x | provenance |  |
-| test.py:161:21:161:21 | ControlFlowNode for y | test.py:156:21:156:21 | ControlFlowNode for x | provenance |  |
-| test.py:181:28:181:28 | ControlFlowNode for x | test.py:185:9:185:9 | ControlFlowNode for x | provenance |  |
-| test.py:181:28:181:28 | ControlFlowNode for x | test.py:187:9:187:9 | ControlFlowNode for x | provenance |  |
-| test.py:194:18:194:18 | ControlFlowNode for x | test.py:195:28:195:28 | ControlFlowNode for x | provenance |  |
-| test.py:195:28:195:28 | ControlFlowNode for x | test.py:181:28:181:28 | ControlFlowNode for x | provenance |  |
-| test.py:197:18:197:18 | ControlFlowNode for x | test.py:198:28:198:28 | ControlFlowNode for x | provenance |  |
-| test.py:198:28:198:28 | ControlFlowNode for x | test.py:181:28:181:28 | ControlFlowNode for x | provenance |  |
+| test.py:2:12:2:12 | l | test.py:3:5:3:5 | l | provenance |  |
+| test.py:7:11:7:11 | l | test.py:8:5:8:5 | l | provenance |  |
+| test.py:12:14:12:14 | l | test.py:13:9:13:9 | l | provenance |  |
+| test.py:17:15:17:15 | l | test.py:18:5:18:5 | l | provenance |  |
+| test.py:22:15:22:15 | l | test.py:23:5:23:5 | l | provenance |  |
+| test.py:27:12:27:12 | l | test.py:28:5:28:5 | l | provenance |  |
+| test.py:38:13:38:13 | l | test.py:39:5:39:5 | l | provenance |  |
+| test.py:43:14:43:14 | l | test.py:44:13:44:13 | l | provenance |  |
+| test.py:44:13:44:13 | l | test.py:38:13:38:13 | l | provenance |  |
+| test.py:48:14:48:14 | l | test.py:49:5:49:5 | l | provenance |  |
+| test.py:53:10:53:10 | d | test.py:54:5:54:5 | d | provenance |  |
+| test.py:58:19:58:19 | d | test.py:59:5:59:5 | d | provenance |  |
+| test.py:63:28:63:28 | d | test.py:64:5:64:5 | d | provenance |  |
+| test.py:67:14:67:14 | d | test.py:68:5:68:5 | d | provenance |  |
+| test.py:72:19:72:19 | d | test.py:73:14:73:14 | d | provenance |  |
+| test.py:73:14:73:14 | d | test.py:67:14:67:14 | d | provenance |  |
+| test.py:77:17:77:17 | d | test.py:78:5:78:5 | d | provenance |  |
+| test.py:82:26:82:26 | d | test.py:83:5:83:5 | d | provenance |  |
+| test.py:87:35:87:35 | d | test.py:88:5:88:5 | d | provenance |  |
+| test.py:91:21:91:21 | d | test.py:92:5:92:5 | d | provenance |  |
+| test.py:96:26:96:26 | d | test.py:97:21:97:21 | d | provenance |  |
+| test.py:97:21:97:21 | d | test.py:91:21:91:21 | d | provenance |  |
+| test.py:108:14:108:14 | d | test.py:109:9:109:9 | d | provenance |  |
+| test.py:113:20:113:20 | d | test.py:115:5:115:5 | d | provenance |  |
+| test.py:119:29:119:29 | d | test.py:121:5:121:5 | d | provenance |  |
+| test.py:131:23:131:23 | l | test.py:135:9:135:9 | l | provenance |  |
+| test.py:145:23:145:23 | l | test.py:147:9:147:9 | l | provenance |  |
+| test.py:153:25:153:25 | x | test.py:154:5:154:5 | x | provenance |  |
+| test.py:156:21:156:21 | x | test.py:157:5:157:5 | x | provenance |  |
+| test.py:159:27:159:27 | y | test.py:160:25:160:25 | y | provenance |  |
+| test.py:159:27:159:27 | y | test.py:161:21:161:21 | y | provenance |  |
+| test.py:160:25:160:25 | y | test.py:153:25:153:25 | x | provenance |  |
+| test.py:161:21:161:21 | y | test.py:156:21:156:21 | x | provenance |  |
+| test.py:181:28:181:28 | x | test.py:185:9:185:9 | x | provenance |  |
+| test.py:181:28:181:28 | x | test.py:187:9:187:9 | x | provenance |  |
+| test.py:194:18:194:18 | x | test.py:195:28:195:28 | x | provenance |  |
+| test.py:195:28:195:28 | x | test.py:181:28:181:28 | x | provenance |  |
+| test.py:197:18:197:18 | x | test.py:198:28:198:28 | x | provenance |  |
+| test.py:198:28:198:28 | x | test.py:181:28:181:28 | x | provenance |  |
 nodes
-| test.py:2:12:2:12 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
-| test.py:3:5:3:5 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
-| test.py:7:11:7:11 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
-| test.py:8:5:8:5 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
-| test.py:12:14:12:14 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
-| test.py:13:9:13:9 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
-| test.py:17:15:17:15 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
-| test.py:18:5:18:5 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
-| test.py:22:15:22:15 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
-| test.py:23:5:23:5 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
-| test.py:27:12:27:12 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
-| test.py:28:5:28:5 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
-| test.py:38:13:38:13 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
-| test.py:39:5:39:5 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
-| test.py:43:14:43:14 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
-| test.py:44:13:44:13 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
-| test.py:48:14:48:14 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
-| test.py:49:5:49:5 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
-| test.py:53:10:53:10 | ControlFlowNode for d | semmle.label | ControlFlowNode for d |
-| test.py:54:5:54:5 | ControlFlowNode for d | semmle.label | ControlFlowNode for d |
-| test.py:58:19:58:19 | ControlFlowNode for d | semmle.label | ControlFlowNode for d |
-| test.py:59:5:59:5 | ControlFlowNode for d | semmle.label | ControlFlowNode for d |
-| test.py:63:28:63:28 | ControlFlowNode for d | semmle.label | ControlFlowNode for d |
-| test.py:64:5:64:5 | ControlFlowNode for d | semmle.label | ControlFlowNode for d |
-| test.py:67:14:67:14 | ControlFlowNode for d | semmle.label | ControlFlowNode for d |
-| test.py:68:5:68:5 | ControlFlowNode for d | semmle.label | ControlFlowNode for d |
-| test.py:72:19:72:19 | ControlFlowNode for d | semmle.label | ControlFlowNode for d |
-| test.py:73:14:73:14 | ControlFlowNode for d | semmle.label | ControlFlowNode for d |
-| test.py:77:17:77:17 | ControlFlowNode for d | semmle.label | ControlFlowNode for d |
-| test.py:78:5:78:5 | ControlFlowNode for d | semmle.label | ControlFlowNode for d |
-| test.py:82:26:82:26 | ControlFlowNode for d | semmle.label | ControlFlowNode for d |
-| test.py:83:5:83:5 | ControlFlowNode for d | semmle.label | ControlFlowNode for d |
-| test.py:87:35:87:35 | ControlFlowNode for d | semmle.label | ControlFlowNode for d |
-| test.py:88:5:88:5 | ControlFlowNode for d | semmle.label | ControlFlowNode for d |
-| test.py:91:21:91:21 | ControlFlowNode for d | semmle.label | ControlFlowNode for d |
-| test.py:92:5:92:5 | ControlFlowNode for d | semmle.label | ControlFlowNode for d |
-| test.py:96:26:96:26 | ControlFlowNode for d | semmle.label | ControlFlowNode for d |
-| test.py:97:21:97:21 | ControlFlowNode for d | semmle.label | ControlFlowNode for d |
-| test.py:108:14:108:14 | ControlFlowNode for d | semmle.label | ControlFlowNode for d |
-| test.py:109:9:109:9 | ControlFlowNode for d | semmle.label | ControlFlowNode for d |
-| test.py:113:20:113:20 | ControlFlowNode for d | semmle.label | ControlFlowNode for d |
-| test.py:115:5:115:5 | ControlFlowNode for d | semmle.label | ControlFlowNode for d |
-| test.py:119:29:119:29 | ControlFlowNode for d | semmle.label | ControlFlowNode for d |
-| test.py:121:5:121:5 | ControlFlowNode for d | semmle.label | ControlFlowNode for d |
-| test.py:124:15:124:15 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
-| test.py:128:9:128:9 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
-| test.py:131:23:131:23 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
-| test.py:135:9:135:9 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
-| test.py:138:15:138:15 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
-| test.py:140:9:140:9 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
-| test.py:145:23:145:23 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
-| test.py:147:9:147:9 | ControlFlowNode for l | semmle.label | ControlFlowNode for l |
-| test.py:153:25:153:25 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:154:5:154:5 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:156:21:156:21 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:157:5:157:5 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:159:27:159:27 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
-| test.py:160:25:160:25 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
-| test.py:161:21:161:21 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
-| test.py:181:28:181:28 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:185:9:185:9 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:187:9:187:9 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:194:18:194:18 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:195:28:195:28 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:197:18:197:18 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:198:28:198:28 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
+| test.py:2:12:2:12 | l | semmle.label | l |
+| test.py:3:5:3:5 | l | semmle.label | l |
+| test.py:7:11:7:11 | l | semmle.label | l |
+| test.py:8:5:8:5 | l | semmle.label | l |
+| test.py:12:14:12:14 | l | semmle.label | l |
+| test.py:13:9:13:9 | l | semmle.label | l |
+| test.py:17:15:17:15 | l | semmle.label | l |
+| test.py:18:5:18:5 | l | semmle.label | l |
+| test.py:22:15:22:15 | l | semmle.label | l |
+| test.py:23:5:23:5 | l | semmle.label | l |
+| test.py:27:12:27:12 | l | semmle.label | l |
+| test.py:28:5:28:5 | l | semmle.label | l |
+| test.py:38:13:38:13 | l | semmle.label | l |
+| test.py:39:5:39:5 | l | semmle.label | l |
+| test.py:43:14:43:14 | l | semmle.label | l |
+| test.py:44:13:44:13 | l | semmle.label | l |
+| test.py:48:14:48:14 | l | semmle.label | l |
+| test.py:49:5:49:5 | l | semmle.label | l |
+| test.py:53:10:53:10 | d | semmle.label | d |
+| test.py:54:5:54:5 | d | semmle.label | d |
+| test.py:58:19:58:19 | d | semmle.label | d |
+| test.py:59:5:59:5 | d | semmle.label | d |
+| test.py:63:28:63:28 | d | semmle.label | d |
+| test.py:64:5:64:5 | d | semmle.label | d |
+| test.py:67:14:67:14 | d | semmle.label | d |
+| test.py:68:5:68:5 | d | semmle.label | d |
+| test.py:72:19:72:19 | d | semmle.label | d |
+| test.py:73:14:73:14 | d | semmle.label | d |
+| test.py:77:17:77:17 | d | semmle.label | d |
+| test.py:78:5:78:5 | d | semmle.label | d |
+| test.py:82:26:82:26 | d | semmle.label | d |
+| test.py:83:5:83:5 | d | semmle.label | d |
+| test.py:87:35:87:35 | d | semmle.label | d |
+| test.py:88:5:88:5 | d | semmle.label | d |
+| test.py:91:21:91:21 | d | semmle.label | d |
+| test.py:92:5:92:5 | d | semmle.label | d |
+| test.py:96:26:96:26 | d | semmle.label | d |
+| test.py:97:21:97:21 | d | semmle.label | d |
+| test.py:108:14:108:14 | d | semmle.label | d |
+| test.py:109:9:109:9 | d | semmle.label | d |
+| test.py:113:20:113:20 | d | semmle.label | d |
+| test.py:115:5:115:5 | d | semmle.label | d |
+| test.py:119:29:119:29 | d | semmle.label | d |
+| test.py:121:5:121:5 | d | semmle.label | d |
+| test.py:131:23:131:23 | l | semmle.label | l |
+| test.py:135:9:135:9 | l | semmle.label | l |
+| test.py:145:23:145:23 | l | semmle.label | l |
+| test.py:147:9:147:9 | l | semmle.label | l |
+| test.py:153:25:153:25 | x | semmle.label | x |
+| test.py:154:5:154:5 | x | semmle.label | x |
+| test.py:156:21:156:21 | x | semmle.label | x |
+| test.py:157:5:157:5 | x | semmle.label | x |
+| test.py:159:27:159:27 | y | semmle.label | y |
+| test.py:160:25:160:25 | y | semmle.label | y |
+| test.py:161:21:161:21 | y | semmle.label | y |
+| test.py:181:28:181:28 | x | semmle.label | x |
+| test.py:185:9:185:9 | x | semmle.label | x |
+| test.py:187:9:187:9 | x | semmle.label | x |
+| test.py:194:18:194:18 | x | semmle.label | x |
+| test.py:195:28:195:28 | x | semmle.label | x |
+| test.py:197:18:197:18 | x | semmle.label | x |
+| test.py:198:28:198:28 | x | semmle.label | x |
 subpaths
 #select
-| test.py:3:5:3:5 | ControlFlowNode for l | test.py:2:12:2:12 | ControlFlowNode for l | test.py:3:5:3:5 | ControlFlowNode for l | This expression mutates a $@. | test.py:2:12:2:12 | ControlFlowNode for l | default value |
-| test.py:8:5:8:5 | ControlFlowNode for l | test.py:7:11:7:11 | ControlFlowNode for l | test.py:8:5:8:5 | ControlFlowNode for l | This expression mutates a $@. | test.py:7:11:7:11 | ControlFlowNode for l | default value |
-| test.py:13:9:13:9 | ControlFlowNode for l | test.py:12:14:12:14 | ControlFlowNode for l | test.py:13:9:13:9 | ControlFlowNode for l | This expression mutates a $@. | test.py:12:14:12:14 | ControlFlowNode for l | default value |
-| test.py:18:5:18:5 | ControlFlowNode for l | test.py:17:15:17:15 | ControlFlowNode for l | test.py:18:5:18:5 | ControlFlowNode for l | This expression mutates a $@. | test.py:17:15:17:15 | ControlFlowNode for l | default value |
-| test.py:23:5:23:5 | ControlFlowNode for l | test.py:22:15:22:15 | ControlFlowNode for l | test.py:23:5:23:5 | ControlFlowNode for l | This expression mutates a $@. | test.py:22:15:22:15 | ControlFlowNode for l | default value |
-| test.py:28:5:28:5 | ControlFlowNode for l | test.py:27:12:27:12 | ControlFlowNode for l | test.py:28:5:28:5 | ControlFlowNode for l | This expression mutates a $@. | test.py:27:12:27:12 | ControlFlowNode for l | default value |
-| test.py:39:5:39:5 | ControlFlowNode for l | test.py:43:14:43:14 | ControlFlowNode for l | test.py:39:5:39:5 | ControlFlowNode for l | This expression mutates a $@. | test.py:43:14:43:14 | ControlFlowNode for l | default value |
-| test.py:49:5:49:5 | ControlFlowNode for l | test.py:48:14:48:14 | ControlFlowNode for l | test.py:49:5:49:5 | ControlFlowNode for l | This expression mutates a $@. | test.py:48:14:48:14 | ControlFlowNode for l | default value |
-| test.py:54:5:54:5 | ControlFlowNode for d | test.py:53:10:53:10 | ControlFlowNode for d | test.py:54:5:54:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:53:10:53:10 | ControlFlowNode for d | default value |
-| test.py:59:5:59:5 | ControlFlowNode for d | test.py:58:19:58:19 | ControlFlowNode for d | test.py:59:5:59:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:58:19:58:19 | ControlFlowNode for d | default value |
-| test.py:64:5:64:5 | ControlFlowNode for d | test.py:63:28:63:28 | ControlFlowNode for d | test.py:64:5:64:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:63:28:63:28 | ControlFlowNode for d | default value |
-| test.py:68:5:68:5 | ControlFlowNode for d | test.py:72:19:72:19 | ControlFlowNode for d | test.py:68:5:68:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:72:19:72:19 | ControlFlowNode for d | default value |
-| test.py:78:5:78:5 | ControlFlowNode for d | test.py:77:17:77:17 | ControlFlowNode for d | test.py:78:5:78:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:77:17:77:17 | ControlFlowNode for d | default value |
-| test.py:83:5:83:5 | ControlFlowNode for d | test.py:82:26:82:26 | ControlFlowNode for d | test.py:83:5:83:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:82:26:82:26 | ControlFlowNode for d | default value |
-| test.py:88:5:88:5 | ControlFlowNode for d | test.py:87:35:87:35 | ControlFlowNode for d | test.py:88:5:88:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:87:35:87:35 | ControlFlowNode for d | default value |
-| test.py:92:5:92:5 | ControlFlowNode for d | test.py:96:26:96:26 | ControlFlowNode for d | test.py:92:5:92:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:96:26:96:26 | ControlFlowNode for d | default value |
-| test.py:109:9:109:9 | ControlFlowNode for d | test.py:108:14:108:14 | ControlFlowNode for d | test.py:109:9:109:9 | ControlFlowNode for d | This expression mutates a $@. | test.py:108:14:108:14 | ControlFlowNode for d | default value |
-| test.py:115:5:115:5 | ControlFlowNode for d | test.py:113:20:113:20 | ControlFlowNode for d | test.py:115:5:115:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:113:20:113:20 | ControlFlowNode for d | default value |
-| test.py:121:5:121:5 | ControlFlowNode for d | test.py:119:29:119:29 | ControlFlowNode for d | test.py:121:5:121:5 | ControlFlowNode for d | This expression mutates a $@. | test.py:119:29:119:29 | ControlFlowNode for d | default value |
-| test.py:128:9:128:9 | ControlFlowNode for l | test.py:124:15:124:15 | ControlFlowNode for l | test.py:128:9:128:9 | ControlFlowNode for l | This expression mutates a $@. | test.py:124:15:124:15 | ControlFlowNode for l | default value |
-| test.py:135:9:135:9 | ControlFlowNode for l | test.py:131:23:131:23 | ControlFlowNode for l | test.py:135:9:135:9 | ControlFlowNode for l | This expression mutates a $@. | test.py:131:23:131:23 | ControlFlowNode for l | default value |
-| test.py:140:9:140:9 | ControlFlowNode for l | test.py:138:15:138:15 | ControlFlowNode for l | test.py:140:9:140:9 | ControlFlowNode for l | This expression mutates a $@. | test.py:138:15:138:15 | ControlFlowNode for l | default value |
-| test.py:147:9:147:9 | ControlFlowNode for l | test.py:145:23:145:23 | ControlFlowNode for l | test.py:147:9:147:9 | ControlFlowNode for l | This expression mutates a $@. | test.py:145:23:145:23 | ControlFlowNode for l | default value |
-| test.py:154:5:154:5 | ControlFlowNode for x | test.py:159:27:159:27 | ControlFlowNode for y | test.py:154:5:154:5 | ControlFlowNode for x | This expression mutates a $@. | test.py:159:27:159:27 | ControlFlowNode for y | default value |
-| test.py:157:5:157:5 | ControlFlowNode for x | test.py:159:27:159:27 | ControlFlowNode for y | test.py:157:5:157:5 | ControlFlowNode for x | This expression mutates a $@. | test.py:159:27:159:27 | ControlFlowNode for y | default value |
-| test.py:185:9:185:9 | ControlFlowNode for x | test.py:194:18:194:18 | ControlFlowNode for x | test.py:185:9:185:9 | ControlFlowNode for x | This expression mutates a $@. | test.py:194:18:194:18 | ControlFlowNode for x | default value |
-| test.py:185:9:185:9 | ControlFlowNode for x | test.py:197:18:197:18 | ControlFlowNode for x | test.py:185:9:185:9 | ControlFlowNode for x | This expression mutates a $@. | test.py:197:18:197:18 | ControlFlowNode for x | default value |
-| test.py:187:9:187:9 | ControlFlowNode for x | test.py:194:18:194:18 | ControlFlowNode for x | test.py:187:9:187:9 | ControlFlowNode for x | This expression mutates a $@. | test.py:194:18:194:18 | ControlFlowNode for x | default value |
-| test.py:187:9:187:9 | ControlFlowNode for x | test.py:197:18:197:18 | ControlFlowNode for x | test.py:187:9:187:9 | ControlFlowNode for x | This expression mutates a $@. | test.py:197:18:197:18 | ControlFlowNode for x | default value |
+| test.py:3:5:3:5 | l | test.py:2:12:2:12 | l | test.py:3:5:3:5 | l | This expression mutates a $@. | test.py:2:12:2:12 | l | default value |
+| test.py:8:5:8:5 | l | test.py:7:11:7:11 | l | test.py:8:5:8:5 | l | This expression mutates a $@. | test.py:7:11:7:11 | l | default value |
+| test.py:13:9:13:9 | l | test.py:12:14:12:14 | l | test.py:13:9:13:9 | l | This expression mutates a $@. | test.py:12:14:12:14 | l | default value |
+| test.py:18:5:18:5 | l | test.py:17:15:17:15 | l | test.py:18:5:18:5 | l | This expression mutates a $@. | test.py:17:15:17:15 | l | default value |
+| test.py:23:5:23:5 | l | test.py:22:15:22:15 | l | test.py:23:5:23:5 | l | This expression mutates a $@. | test.py:22:15:22:15 | l | default value |
+| test.py:28:5:28:5 | l | test.py:27:12:27:12 | l | test.py:28:5:28:5 | l | This expression mutates a $@. | test.py:27:12:27:12 | l | default value |
+| test.py:39:5:39:5 | l | test.py:43:14:43:14 | l | test.py:39:5:39:5 | l | This expression mutates a $@. | test.py:43:14:43:14 | l | default value |
+| test.py:49:5:49:5 | l | test.py:48:14:48:14 | l | test.py:49:5:49:5 | l | This expression mutates a $@. | test.py:48:14:48:14 | l | default value |
+| test.py:54:5:54:5 | d | test.py:53:10:53:10 | d | test.py:54:5:54:5 | d | This expression mutates a $@. | test.py:53:10:53:10 | d | default value |
+| test.py:59:5:59:5 | d | test.py:58:19:58:19 | d | test.py:59:5:59:5 | d | This expression mutates a $@. | test.py:58:19:58:19 | d | default value |
+| test.py:64:5:64:5 | d | test.py:63:28:63:28 | d | test.py:64:5:64:5 | d | This expression mutates a $@. | test.py:63:28:63:28 | d | default value |
+| test.py:68:5:68:5 | d | test.py:72:19:72:19 | d | test.py:68:5:68:5 | d | This expression mutates a $@. | test.py:72:19:72:19 | d | default value |
+| test.py:78:5:78:5 | d | test.py:77:17:77:17 | d | test.py:78:5:78:5 | d | This expression mutates a $@. | test.py:77:17:77:17 | d | default value |
+| test.py:83:5:83:5 | d | test.py:82:26:82:26 | d | test.py:83:5:83:5 | d | This expression mutates a $@. | test.py:82:26:82:26 | d | default value |
+| test.py:88:5:88:5 | d | test.py:87:35:87:35 | d | test.py:88:5:88:5 | d | This expression mutates a $@. | test.py:87:35:87:35 | d | default value |
+| test.py:92:5:92:5 | d | test.py:96:26:96:26 | d | test.py:92:5:92:5 | d | This expression mutates a $@. | test.py:96:26:96:26 | d | default value |
+| test.py:109:9:109:9 | d | test.py:108:14:108:14 | d | test.py:109:9:109:9 | d | This expression mutates a $@. | test.py:108:14:108:14 | d | default value |
+| test.py:115:5:115:5 | d | test.py:113:20:113:20 | d | test.py:115:5:115:5 | d | This expression mutates a $@. | test.py:113:20:113:20 | d | default value |
+| test.py:121:5:121:5 | d | test.py:119:29:119:29 | d | test.py:121:5:121:5 | d | This expression mutates a $@. | test.py:119:29:119:29 | d | default value |
+| test.py:135:9:135:9 | l | test.py:131:23:131:23 | l | test.py:135:9:135:9 | l | This expression mutates a $@. | test.py:131:23:131:23 | l | default value |
+| test.py:147:9:147:9 | l | test.py:145:23:145:23 | l | test.py:147:9:147:9 | l | This expression mutates a $@. | test.py:145:23:145:23 | l | default value |
+| test.py:154:5:154:5 | x | test.py:159:27:159:27 | y | test.py:154:5:154:5 | x | This expression mutates a $@. | test.py:159:27:159:27 | y | default value |
+| test.py:157:5:157:5 | x | test.py:159:27:159:27 | y | test.py:157:5:157:5 | x | This expression mutates a $@. | test.py:159:27:159:27 | y | default value |
+| test.py:185:9:185:9 | x | test.py:194:18:194:18 | x | test.py:185:9:185:9 | x | This expression mutates a $@. | test.py:194:18:194:18 | x | default value |
+| test.py:185:9:185:9 | x | test.py:197:18:197:18 | x | test.py:185:9:185:9 | x | This expression mutates a $@. | test.py:197:18:197:18 | x | default value |
+| test.py:187:9:187:9 | x | test.py:194:18:194:18 | x | test.py:187:9:187:9 | x | This expression mutates a $@. | test.py:194:18:194:18 | x | default value |
+| test.py:187:9:187:9 | x | test.py:197:18:197:18 | x | test.py:187:9:187:9 | x | This expression mutates a $@. | test.py:197:18:197:18 | x | default value |
--- a/python/ql/test/query-tests/Functions/ModificationOfParameterWithDefault/test.expected
+++ b/python/ql/test/query-tests/Functions/ModificationOfParameterWithDefault/test.expected
@@ -0,0 +1,2 @@
+| test.py:128:22:128:39 | Comment # $ modification=l | Missing result: modification=l |
+| test.py:140:22:140:39 | Comment # $ modification=l | Missing result: modification=l |
--- a/python/ql/test/query-tests/Imports/deprecated/DeprecatedModule.expected
+++ b/python/ql/test/query-tests/Imports/deprecated/DeprecatedModule.expected
@@ -1,3 +1,4 @@
 | test.py:2:8:2:13 | ImportExpr | The rfc822 module was deprecated in version 2.3. Use email module instead. |
 | test.py:3:8:3:16 | ImportExpr | The posixfile module was deprecated in version 1.5. Use fcntl module instead. |
 | test.py:8:16:8:18 | ImportExpr | The md5 module was deprecated in version 2.5. Use hashlib module instead. |
+| test.py:14:10:14:12 | ImportExpr | The md5 module was deprecated in version 2.5. Use hashlib module instead. |
--- a/python/ql/test/query-tests/Resources/FileNotAlwaysClosed/FileNotAlwaysClosed.expected
+++ b/python/ql/test/query-tests/Resources/FileNotAlwaysClosed/FileNotAlwaysClosed.expected
@@ -1,9 +1,43 @@
-| resources_test.py:4:10:4:25 | ControlFlowNode for open() | File may not be closed if $@ raises an exception. | resources_test.py:5:5:5:33 | ControlFlowNode for Attribute() | this operation |
-| resources_test.py:9:10:9:25 | ControlFlowNode for open() | File is opened but is not closed. | file://:0:0:0:0 | (none) | this operation |
-| resources_test.py:108:11:108:20 | ControlFlowNode for open() | File is opened but is not closed. | file://:0:0:0:0 | (none) | this operation |
-| resources_test.py:112:11:112:28 | ControlFlowNode for opener_func2() | File may not be closed if $@ raises an exception. | resources_test.py:113:5:113:22 | ControlFlowNode for Attribute() | this operation |
-| resources_test.py:123:11:123:24 | ControlFlowNode for opener_func2() | File is opened but is not closed. | file://:0:0:0:0 | (none) | this operation |
-| resources_test.py:129:15:129:24 | ControlFlowNode for open() | File may not be closed if $@ raises an exception. | resources_test.py:130:9:130:26 | ControlFlowNode for Attribute() | this operation |
-| resources_test.py:248:11:248:25 | ControlFlowNode for open() | File is opened but is not closed. | file://:0:0:0:0 | (none) | this operation |
-| resources_test.py:269:10:269:27 | ControlFlowNode for Attribute() | File may not be closed if $@ raises an exception. | resources_test.py:271:5:271:19 | ControlFlowNode for Attribute() | this operation |
-| resources_test.py:285:11:285:20 | ControlFlowNode for open() | File may not be closed if $@ raises an exception. | resources_test.py:287:5:287:31 | ControlFlowNode for Attribute() | this operation |
+#select
+| resources_test.py:4:10:4:25 | After open() | File may not be closed if $@ raises an exception. | resources_test.py:5:5:5:33 | After Attribute() | this operation |
+| resources_test.py:9:10:9:25 | After open() | File is opened but is not closed. | file://:0:0:0:0 | (none) | this operation |
+| resources_test.py:20:10:20:25 | After open() | File may not be closed if $@ raises an exception. | resources_test.py:22:9:22:37 | After Attribute() | this operation |
+| resources_test.py:30:14:30:29 | After open() | File may not be closed if $@ raises an exception. | resources_test.py:31:9:31:37 | After Attribute() | this operation |
+| resources_test.py:39:14:39:29 | After open() | File may not be closed if $@ raises an exception. | resources_test.py:40:9:40:37 | After Attribute() | this operation |
+| resources_test.py:49:14:49:29 | After open() | File may not be closed if $@ raises an exception. | resources_test.py:50:9:50:37 | After Attribute() | this operation |
+| resources_test.py:58:14:58:29 | After open() | File may not be closed if $@ raises an exception. | resources_test.py:59:9:59:37 | After Attribute() | this operation |
+| resources_test.py:69:11:69:26 | After open() | File may not be closed if $@ raises an exception. | resources_test.py:71:9:71:40 | After Attribute() | this operation |
+| resources_test.py:69:11:69:26 | After open() | File may not be closed if $@ raises an exception. | resources_test.py:72:9:72:40 | After Attribute() | this operation |
+| resources_test.py:79:11:79:26 | After open() | File may not be closed if $@ raises an exception. | resources_test.py:81:9:81:40 | After Attribute() | this operation |
+| resources_test.py:79:11:79:26 | After open() | File may not be closed if $@ raises an exception. | resources_test.py:82:9:82:40 | After Attribute() | this operation |
+| resources_test.py:91:11:91:26 | After open() | File may not be closed if $@ raises an exception. | resources_test.py:93:9:93:40 | After Attribute() | this operation |
+| resources_test.py:91:11:91:26 | After open() | File may not be closed if $@ raises an exception. | resources_test.py:94:9:94:40 | After Attribute() | this operation |
+| resources_test.py:108:11:108:20 | After open() | File is opened but is not closed. | file://:0:0:0:0 | (none) | this operation |
+| resources_test.py:112:11:112:28 | After opener_func2() | File may not be closed if $@ raises an exception. | resources_test.py:113:5:113:22 | After Attribute() | this operation |
+| resources_test.py:123:11:123:24 | After opener_func2() | File is opened but is not closed. | file://:0:0:0:0 | (none) | this operation |
+| resources_test.py:129:15:129:24 | After open() | File may not be closed if $@ raises an exception. | resources_test.py:130:9:130:26 | After Attribute() | this operation |
+| resources_test.py:141:11:141:26 | After open() | File may not be closed if $@ raises an exception. | resources_test.py:143:9:143:40 | After Attribute() | this operation |
+| resources_test.py:141:11:141:26 | After open() | File may not be closed if $@ raises an exception. | resources_test.py:144:9:144:40 | After Attribute() | this operation |
+| resources_test.py:182:15:182:54 | After open() | File may not be closed if $@ raises an exception. | resources_test.py:186:9:186:25 | After Attribute() | this operation |
+| resources_test.py:225:11:225:26 | After open() | File may not be closed if $@ raises an exception. | resources_test.py:227:9:227:25 | After Attribute() | this operation |
+| resources_test.py:237:11:237:26 | After open() | File may not be closed if $@ raises an exception. | resources_test.py:239:9:239:25 | After Attribute() | this operation |
+| resources_test.py:248:11:248:25 | After open() | File is opened but is not closed. | file://:0:0:0:0 | (none) | this operation |
+| resources_test.py:252:11:252:25 | After open() | File may not be closed if $@ raises an exception. | resources_test.py:254:9:254:23 | After Attribute() | this operation |
+| resources_test.py:269:10:269:27 | After Attribute() | File may not be closed if $@ raises an exception. | resources_test.py:271:5:271:19 | After Attribute() | this operation |
+| resources_test.py:275:10:275:35 | After Attribute() | File may not be closed if $@ raises an exception. | resources_test.py:278:9:278:23 | After Attribute() | this operation |
+| resources_test.py:285:11:285:20 | After open() | File may not be closed if $@ raises an exception. | resources_test.py:287:5:287:31 | After Attribute() | this operation |
+testFailures
+| resources_test.py:20:10:20:25 | File may not be closed if $@ raises an exception. | Unexpected result: Alert |
+| resources_test.py:30:14:30:29 | File may not be closed if $@ raises an exception. | Unexpected result: Alert |
+| resources_test.py:39:14:39:29 | File may not be closed if $@ raises an exception. | Unexpected result: Alert |
+| resources_test.py:49:14:49:29 | File may not be closed if $@ raises an exception. | Fixed missing result: Alert |
+| resources_test.py:58:14:58:29 | File may not be closed if $@ raises an exception. | Unexpected result: Alert |
+| resources_test.py:69:11:69:26 | File may not be closed if $@ raises an exception. | Unexpected result: Alert |
+| resources_test.py:79:11:79:26 | File may not be closed if $@ raises an exception. | Unexpected result: Alert |
+| resources_test.py:91:11:91:26 | File may not be closed if $@ raises an exception. | Unexpected result: Alert |
+| resources_test.py:141:11:141:26 | File may not be closed if $@ raises an exception. | Fixed missing result: Alert |
+| resources_test.py:182:15:182:54 | File may not be closed if $@ raises an exception. | Unexpected result: Alert |
+| resources_test.py:225:11:225:26 | File may not be closed if $@ raises an exception. | Unexpected result: Alert |
+| resources_test.py:237:11:237:26 | File may not be closed if $@ raises an exception. | Fixed missing result: Alert |
+| resources_test.py:252:11:252:25 | File may not be closed if $@ raises an exception. | Unexpected result: Alert |
+| resources_test.py:275:10:275:35 | File may not be closed if $@ raises an exception. | Unexpected result: Alert |
--- a/python/ql/test/query-tests/Security/CWE-022-PathInjection/PathInjection.expected
+++ b/python/ql/test/query-tests/Security/CWE-022-PathInjection/PathInjection.expected
@@ -1,298 +1,295 @@
 #select
-| fastapi_path_injection.py:7:19:7:26 | ControlFlowNode for filepath | fastapi_path_injection.py:17:21:17:24 | ControlFlowNode for path | fastapi_path_injection.py:7:19:7:26 | ControlFlowNode for filepath | This path depends on a $@. | fastapi_path_injection.py:17:21:17:24 | ControlFlowNode for path | user-provided value |
-| fastapi_path_injection.py:7:19:7:26 | ControlFlowNode for filepath | fastapi_path_injection.py:26:21:26:24 | ControlFlowNode for path | fastapi_path_injection.py:7:19:7:26 | ControlFlowNode for filepath | This path depends on a $@. | fastapi_path_injection.py:26:21:26:24 | ControlFlowNode for path | user-provided value |
-| fastapi_path_injection.py:7:19:7:26 | ControlFlowNode for filepath | fastapi_path_injection.py:31:21:31:24 | ControlFlowNode for path | fastapi_path_injection.py:7:19:7:26 | ControlFlowNode for filepath | This path depends on a $@. | fastapi_path_injection.py:31:21:31:24 | ControlFlowNode for path | user-provided value |
-| fastapi_path_injection.py:7:19:7:26 | ControlFlowNode for filepath | fastapi_path_injection.py:48:21:48:24 | ControlFlowNode for path | fastapi_path_injection.py:7:19:7:26 | ControlFlowNode for filepath | This path depends on a $@. | fastapi_path_injection.py:48:21:48:24 | ControlFlowNode for path | user-provided value |
-| flask_path_injection.py:21:32:21:38 | ControlFlowNode for dirname | flask_path_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_path_injection.py:21:32:21:38 | ControlFlowNode for dirname | This path depends on a $@. | flask_path_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
-| path_injection.py:13:14:13:47 | ControlFlowNode for Attribute() | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:13:14:13:47 | ControlFlowNode for Attribute() | This path depends on a $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
-| path_injection.py:21:14:21:18 | ControlFlowNode for npath | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:21:14:21:18 | ControlFlowNode for npath | This path depends on a $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
-| path_injection.py:31:14:31:18 | ControlFlowNode for npath | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:31:14:31:18 | ControlFlowNode for npath | This path depends on a $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
-| path_injection.py:48:14:48:18 | ControlFlowNode for npath | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:48:14:48:18 | ControlFlowNode for npath | This path depends on a $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
-| path_injection.py:65:14:65:18 | ControlFlowNode for npath | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:65:14:65:18 | ControlFlowNode for npath | This path depends on a $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
-| path_injection.py:87:18:87:37 | ControlFlowNode for possibly_unsafe_path | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:87:18:87:37 | ControlFlowNode for possibly_unsafe_path | This path depends on a $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
-| path_injection.py:94:14:94:17 | ControlFlowNode for path | path_injection.py:91:20:91:25 | ControlFlowNode for foo_id | path_injection.py:94:14:94:17 | ControlFlowNode for path | This path depends on a $@. | path_injection.py:91:20:91:25 | ControlFlowNode for foo_id | user-provided value |
-| path_injection.py:102:14:102:17 | ControlFlowNode for path | path_injection.py:98:20:98:22 | ControlFlowNode for foo | path_injection.py:102:14:102:17 | ControlFlowNode for path | This path depends on a $@. | path_injection.py:98:20:98:22 | ControlFlowNode for foo | user-provided value |
-| path_injection.py:113:14:113:17 | ControlFlowNode for path | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:113:14:113:17 | ControlFlowNode for path | This path depends on a $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
-| path_injection.py:124:14:124:17 | ControlFlowNode for path | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:124:14:124:17 | ControlFlowNode for path | This path depends on a $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
-| path_injection.py:132:14:132:22 | ControlFlowNode for sanitized | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:132:14:132:22 | ControlFlowNode for sanitized | This path depends on a $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
-| path_injection.py:142:14:142:17 | ControlFlowNode for path | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:142:14:142:17 | ControlFlowNode for path | This path depends on a $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
-| path_injection.py:152:18:152:21 | ControlFlowNode for path | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:152:18:152:21 | ControlFlowNode for path | This path depends on a $@. | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
-| pathlib_use.py:14:5:14:5 | ControlFlowNode for p | pathlib_use.py:3:26:3:32 | ControlFlowNode for ImportMember | pathlib_use.py:14:5:14:5 | ControlFlowNode for p | This path depends on a $@. | pathlib_use.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
-| pathlib_use.py:17:5:17:6 | ControlFlowNode for p2 | pathlib_use.py:3:26:3:32 | ControlFlowNode for ImportMember | pathlib_use.py:17:5:17:6 | ControlFlowNode for p2 | This path depends on a $@. | pathlib_use.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
-| test.py:19:10:19:10 | ControlFlowNode for x | test.py:3:26:3:32 | ControlFlowNode for ImportMember | test.py:19:10:19:10 | ControlFlowNode for x | This path depends on a $@. | test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
-| test.py:26:10:26:10 | ControlFlowNode for y | test.py:3:26:3:32 | ControlFlowNode for ImportMember | test.py:26:10:26:10 | ControlFlowNode for y | This path depends on a $@. | test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
-| test.py:33:14:33:14 | ControlFlowNode for x | test.py:3:26:3:32 | ControlFlowNode for ImportMember | test.py:33:14:33:14 | ControlFlowNode for x | This path depends on a $@. | test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
-| test.py:49:14:49:14 | ControlFlowNode for y | test.py:3:26:3:32 | ControlFlowNode for ImportMember | test.py:49:14:49:14 | ControlFlowNode for y | This path depends on a $@. | test.py:3:26:3:32 | ControlFlowNode for ImportMember | user-provided value |
+| fastapi_path_injection.py:7:19:7:26 | filepath | fastapi_path_injection.py:17:21:17:24 | path | fastapi_path_injection.py:7:19:7:26 | filepath | This path depends on a $@. | fastapi_path_injection.py:17:21:17:24 | path | user-provided value |
+| fastapi_path_injection.py:7:19:7:26 | filepath | fastapi_path_injection.py:31:21:31:24 | path | fastapi_path_injection.py:7:19:7:26 | filepath | This path depends on a $@. | fastapi_path_injection.py:31:21:31:24 | path | user-provided value |
+| fastapi_path_injection.py:7:19:7:26 | filepath | fastapi_path_injection.py:48:21:48:24 | path | fastapi_path_injection.py:7:19:7:26 | filepath | This path depends on a $@. | fastapi_path_injection.py:48:21:48:24 | path | user-provided value |
+| flask_path_injection.py:21:32:21:38 | dirname | flask_path_injection.py:1:26:1:32 | After ImportMember | flask_path_injection.py:21:32:21:38 | dirname | This path depends on a $@. | flask_path_injection.py:1:26:1:32 | After ImportMember | user-provided value |
+| path_injection.py:13:14:13:47 | After Attribute() | path_injection.py:3:26:3:32 | After ImportMember | path_injection.py:13:14:13:47 | After Attribute() | This path depends on a $@. | path_injection.py:3:26:3:32 | After ImportMember | user-provided value |
+| path_injection.py:21:14:21:18 | npath | path_injection.py:3:26:3:32 | After ImportMember | path_injection.py:21:14:21:18 | npath | This path depends on a $@. | path_injection.py:3:26:3:32 | After ImportMember | user-provided value |
+| path_injection.py:31:14:31:18 | npath | path_injection.py:3:26:3:32 | After ImportMember | path_injection.py:31:14:31:18 | npath | This path depends on a $@. | path_injection.py:3:26:3:32 | After ImportMember | user-provided value |
+| path_injection.py:48:14:48:18 | npath | path_injection.py:3:26:3:32 | After ImportMember | path_injection.py:48:14:48:18 | npath | This path depends on a $@. | path_injection.py:3:26:3:32 | After ImportMember | user-provided value |
+| path_injection.py:65:14:65:18 | npath | path_injection.py:3:26:3:32 | After ImportMember | path_injection.py:65:14:65:18 | npath | This path depends on a $@. | path_injection.py:3:26:3:32 | After ImportMember | user-provided value |
+| path_injection.py:87:18:87:37 | possibly_unsafe_path | path_injection.py:3:26:3:32 | After ImportMember | path_injection.py:87:18:87:37 | possibly_unsafe_path | This path depends on a $@. | path_injection.py:3:26:3:32 | After ImportMember | user-provided value |
+| path_injection.py:94:14:94:17 | path | path_injection.py:91:20:91:25 | foo_id | path_injection.py:94:14:94:17 | path | This path depends on a $@. | path_injection.py:91:20:91:25 | foo_id | user-provided value |
+| path_injection.py:102:14:102:17 | path | path_injection.py:98:20:98:22 | foo | path_injection.py:102:14:102:17 | path | This path depends on a $@. | path_injection.py:98:20:98:22 | foo | user-provided value |
+| path_injection.py:113:14:113:17 | path | path_injection.py:3:26:3:32 | After ImportMember | path_injection.py:113:14:113:17 | path | This path depends on a $@. | path_injection.py:3:26:3:32 | After ImportMember | user-provided value |
+| path_injection.py:124:14:124:17 | path | path_injection.py:3:26:3:32 | After ImportMember | path_injection.py:124:14:124:17 | path | This path depends on a $@. | path_injection.py:3:26:3:32 | After ImportMember | user-provided value |
+| path_injection.py:132:14:132:22 | sanitized | path_injection.py:3:26:3:32 | After ImportMember | path_injection.py:132:14:132:22 | sanitized | This path depends on a $@. | path_injection.py:3:26:3:32 | After ImportMember | user-provided value |
+| path_injection.py:142:14:142:17 | path | path_injection.py:3:26:3:32 | After ImportMember | path_injection.py:142:14:142:17 | path | This path depends on a $@. | path_injection.py:3:26:3:32 | After ImportMember | user-provided value |
+| path_injection.py:152:18:152:21 | path | path_injection.py:3:26:3:32 | After ImportMember | path_injection.py:152:18:152:21 | path | This path depends on a $@. | path_injection.py:3:26:3:32 | After ImportMember | user-provided value |
+| pathlib_use.py:14:5:14:5 | p | pathlib_use.py:3:26:3:32 | After ImportMember | pathlib_use.py:14:5:14:5 | p | This path depends on a $@. | pathlib_use.py:3:26:3:32 | After ImportMember | user-provided value |
+| pathlib_use.py:17:5:17:6 | p2 | pathlib_use.py:3:26:3:32 | After ImportMember | pathlib_use.py:17:5:17:6 | p2 | This path depends on a $@. | pathlib_use.py:3:26:3:32 | After ImportMember | user-provided value |
+| test.py:19:10:19:10 | x | test.py:3:26:3:32 | After ImportMember | test.py:19:10:19:10 | x | This path depends on a $@. | test.py:3:26:3:32 | After ImportMember | user-provided value |
+| test.py:26:10:26:10 | y | test.py:3:26:3:32 | After ImportMember | test.py:26:10:26:10 | y | This path depends on a $@. | test.py:3:26:3:32 | After ImportMember | user-provided value |
+| test.py:33:14:33:14 | x | test.py:3:26:3:32 | After ImportMember | test.py:33:14:33:14 | x | This path depends on a $@. | test.py:3:26:3:32 | After ImportMember | user-provided value |
+| test.py:49:14:49:14 | y | test.py:3:26:3:32 | After ImportMember | test.py:49:14:49:14 | y | This path depends on a $@. | test.py:3:26:3:32 | After ImportMember | user-provided value |
 edges
-| fastapi_path_injection.py:6:24:6:31 | ControlFlowNode for filepath | fastapi_path_injection.py:7:19:7:26 | ControlFlowNode for filepath | provenance |  |
-| fastapi_path_injection.py:17:21:17:24 | ControlFlowNode for path | fastapi_path_injection.py:20:34:20:37 | ControlFlowNode for path | provenance |  |
-| fastapi_path_injection.py:20:34:20:37 | ControlFlowNode for path | fastapi_path_injection.py:6:24:6:31 | ControlFlowNode for filepath | provenance |  |
-| fastapi_path_injection.py:26:21:26:24 | ControlFlowNode for path | fastapi_path_injection.py:27:34:27:37 | ControlFlowNode for path | provenance |  |
-| fastapi_path_injection.py:27:34:27:37 | ControlFlowNode for path | fastapi_path_injection.py:6:24:6:31 | ControlFlowNode for filepath | provenance |  |
-| fastapi_path_injection.py:31:21:31:24 | ControlFlowNode for path | fastapi_path_injection.py:32:34:32:37 | ControlFlowNode for path | provenance |  |
-| fastapi_path_injection.py:32:34:32:37 | ControlFlowNode for path | fastapi_path_injection.py:6:24:6:31 | ControlFlowNode for filepath | provenance |  |
-| fastapi_path_injection.py:48:21:48:24 | ControlFlowNode for path | fastapi_path_injection.py:49:45:49:48 | ControlFlowNode for path | provenance |  |
-| fastapi_path_injection.py:49:45:49:48 | ControlFlowNode for path | fastapi_path_injection.py:6:24:6:31 | ControlFlowNode for filepath | provenance |  |
-| flask_path_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_path_injection.py:1:26:1:32 | ControlFlowNode for request | provenance |  |
-| flask_path_injection.py:1:26:1:32 | ControlFlowNode for request | flask_path_injection.py:19:15:19:21 | ControlFlowNode for request | provenance |  |
-| flask_path_injection.py:19:5:19:11 | ControlFlowNode for dirname | flask_path_injection.py:21:32:21:38 | ControlFlowNode for dirname | provenance |  |
-| flask_path_injection.py:19:15:19:21 | ControlFlowNode for request | flask_path_injection.py:19:15:19:26 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
-| flask_path_injection.py:19:15:19:26 | ControlFlowNode for Attribute | flask_path_injection.py:19:15:19:45 | ControlFlowNode for Attribute() | provenance | dict.get |
-| flask_path_injection.py:19:15:19:45 | ControlFlowNode for Attribute() | flask_path_injection.py:19:5:19:11 | ControlFlowNode for dirname | provenance |  |
-| path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:3:26:3:32 | ControlFlowNode for request | provenance |  |
-| path_injection.py:3:26:3:32 | ControlFlowNode for request | path_injection.py:12:16:12:22 | ControlFlowNode for request | provenance |  |
-| path_injection.py:3:26:3:32 | ControlFlowNode for request | path_injection.py:19:16:19:22 | ControlFlowNode for request | provenance |  |
-| path_injection.py:3:26:3:32 | ControlFlowNode for request | path_injection.py:27:16:27:22 | ControlFlowNode for request | provenance |  |
-| path_injection.py:3:26:3:32 | ControlFlowNode for request | path_injection.py:46:16:46:22 | ControlFlowNode for request | provenance |  |
-| path_injection.py:3:26:3:32 | ControlFlowNode for request | path_injection.py:63:16:63:22 | ControlFlowNode for request | provenance |  |
-| path_injection.py:3:26:3:32 | ControlFlowNode for request | path_injection.py:84:16:84:22 | ControlFlowNode for request | provenance |  |
-| path_injection.py:3:26:3:32 | ControlFlowNode for request | path_injection.py:107:16:107:22 | ControlFlowNode for request | provenance |  |
-| path_injection.py:3:26:3:32 | ControlFlowNode for request | path_injection.py:118:16:118:22 | ControlFlowNode for request | provenance |  |
-| path_injection.py:3:26:3:32 | ControlFlowNode for request | path_injection.py:129:16:129:22 | ControlFlowNode for request | provenance |  |
-| path_injection.py:3:26:3:32 | ControlFlowNode for request | path_injection.py:138:16:138:22 | ControlFlowNode for request | provenance |  |
-| path_injection.py:3:26:3:32 | ControlFlowNode for request | path_injection.py:149:16:149:22 | ControlFlowNode for request | provenance |  |
-| path_injection.py:12:5:12:12 | ControlFlowNode for filename | path_injection.py:13:14:13:47 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep |
-| path_injection.py:12:16:12:22 | ControlFlowNode for request | path_injection.py:12:16:12:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
-| path_injection.py:12:16:12:27 | ControlFlowNode for Attribute | path_injection.py:12:16:12:47 | ControlFlowNode for Attribute() | provenance | dict.get |
-| path_injection.py:12:16:12:47 | ControlFlowNode for Attribute() | path_injection.py:12:5:12:12 | ControlFlowNode for filename | provenance |  |
-| path_injection.py:19:5:19:12 | ControlFlowNode for filename | path_injection.py:20:30:20:63 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep |
-| path_injection.py:19:16:19:22 | ControlFlowNode for request | path_injection.py:19:16:19:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
-| path_injection.py:19:16:19:27 | ControlFlowNode for Attribute | path_injection.py:19:16:19:47 | ControlFlowNode for Attribute() | provenance | dict.get |
-| path_injection.py:19:16:19:47 | ControlFlowNode for Attribute() | path_injection.py:19:5:19:12 | ControlFlowNode for filename | provenance |  |
-| path_injection.py:20:5:20:9 | ControlFlowNode for npath | path_injection.py:21:14:21:18 | ControlFlowNode for npath | provenance |  |
-| path_injection.py:20:13:20:64 | ControlFlowNode for Attribute() | path_injection.py:20:5:20:9 | ControlFlowNode for npath | provenance |  |
-| path_injection.py:20:30:20:63 | ControlFlowNode for Attribute() | path_injection.py:20:13:20:64 | ControlFlowNode for Attribute() | provenance | Config |
-| path_injection.py:27:5:27:12 | ControlFlowNode for filename | path_injection.py:28:30:28:63 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep |
-| path_injection.py:27:16:27:22 | ControlFlowNode for request | path_injection.py:27:16:27:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
-| path_injection.py:27:16:27:27 | ControlFlowNode for Attribute | path_injection.py:27:16:27:47 | ControlFlowNode for Attribute() | provenance | dict.get |
-| path_injection.py:27:16:27:47 | ControlFlowNode for Attribute() | path_injection.py:27:5:27:12 | ControlFlowNode for filename | provenance |  |
-| path_injection.py:28:5:28:9 | ControlFlowNode for npath | path_injection.py:31:14:31:18 | ControlFlowNode for npath | provenance |  |
-| path_injection.py:28:13:28:64 | ControlFlowNode for Attribute() | path_injection.py:28:5:28:9 | ControlFlowNode for npath | provenance |  |
-| path_injection.py:28:30:28:63 | ControlFlowNode for Attribute() | path_injection.py:28:13:28:64 | ControlFlowNode for Attribute() | provenance | Config |
-| path_injection.py:46:5:46:12 | ControlFlowNode for filename | path_injection.py:47:30:47:63 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep |
-| path_injection.py:46:16:46:22 | ControlFlowNode for request | path_injection.py:46:16:46:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
-| path_injection.py:46:16:46:27 | ControlFlowNode for Attribute | path_injection.py:46:16:46:47 | ControlFlowNode for Attribute() | provenance | dict.get |
-| path_injection.py:46:16:46:47 | ControlFlowNode for Attribute() | path_injection.py:46:5:46:12 | ControlFlowNode for filename | provenance |  |
-| path_injection.py:47:5:47:9 | ControlFlowNode for npath | path_injection.py:48:14:48:18 | ControlFlowNode for npath | provenance |  |
-| path_injection.py:47:13:47:64 | ControlFlowNode for Attribute() | path_injection.py:47:5:47:9 | ControlFlowNode for npath | provenance |  |
-| path_injection.py:47:30:47:63 | ControlFlowNode for Attribute() | path_injection.py:47:13:47:64 | ControlFlowNode for Attribute() | provenance | Config |
-| path_injection.py:63:5:63:12 | ControlFlowNode for filename | path_injection.py:64:29:64:62 | ControlFlowNode for Attribute() | provenance | AdditionalTaintStep |
-| path_injection.py:63:16:63:22 | ControlFlowNode for request | path_injection.py:63:16:63:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
-| path_injection.py:63:16:63:27 | ControlFlowNode for Attribute | path_injection.py:63:16:63:47 | ControlFlowNode for Attribute() | provenance | dict.get |
-| path_injection.py:63:16:63:47 | ControlFlowNode for Attribute() | path_injection.py:63:5:63:12 | ControlFlowNode for filename | provenance |  |
-| path_injection.py:64:5:64:9 | ControlFlowNode for npath | path_injection.py:65:14:65:18 | ControlFlowNode for npath | provenance |  |
-| path_injection.py:64:13:64:63 | ControlFlowNode for Attribute() | path_injection.py:64:5:64:9 | ControlFlowNode for npath | provenance |  |
-| path_injection.py:64:29:64:62 | ControlFlowNode for Attribute() | path_injection.py:64:13:64:63 | ControlFlowNode for Attribute() | provenance | Config |
-| path_injection.py:84:5:84:12 | ControlFlowNode for filename | path_injection.py:85:5:85:24 | ControlFlowNode for possibly_unsafe_path | provenance | AdditionalTaintStep |
-| path_injection.py:84:16:84:22 | ControlFlowNode for request | path_injection.py:84:16:84:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
-| path_injection.py:84:16:84:27 | ControlFlowNode for Attribute | path_injection.py:84:16:84:47 | ControlFlowNode for Attribute() | provenance | dict.get |
-| path_injection.py:84:16:84:47 | ControlFlowNode for Attribute() | path_injection.py:84:5:84:12 | ControlFlowNode for filename | provenance |  |
-| path_injection.py:85:5:85:24 | ControlFlowNode for possibly_unsafe_path | path_injection.py:86:24:86:43 | ControlFlowNode for possibly_unsafe_path | provenance |  |
-| path_injection.py:86:24:86:43 | ControlFlowNode for possibly_unsafe_path | path_injection.py:87:18:87:37 | ControlFlowNode for possibly_unsafe_path | provenance |  |
-| path_injection.py:91:20:91:25 | ControlFlowNode for foo_id | path_injection.py:93:5:93:8 | ControlFlowNode for path | provenance | AdditionalTaintStep |
-| path_injection.py:93:5:93:8 | ControlFlowNode for path | path_injection.py:94:14:94:17 | ControlFlowNode for path | provenance |  |
-| path_injection.py:98:20:98:22 | ControlFlowNode for foo | path_injection.py:101:5:101:8 | ControlFlowNode for path | provenance | AdditionalTaintStep |
-| path_injection.py:101:5:101:8 | ControlFlowNode for path | path_injection.py:102:14:102:17 | ControlFlowNode for path | provenance |  |
-| path_injection.py:107:5:107:12 | ControlFlowNode for filename | path_injection.py:108:5:108:8 | ControlFlowNode for path | provenance | AdditionalTaintStep |
-| path_injection.py:107:16:107:22 | ControlFlowNode for request | path_injection.py:107:16:107:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
-| path_injection.py:107:16:107:27 | ControlFlowNode for Attribute | path_injection.py:107:16:107:47 | ControlFlowNode for Attribute() | provenance | dict.get |
-| path_injection.py:107:16:107:47 | ControlFlowNode for Attribute() | path_injection.py:107:5:107:12 | ControlFlowNode for filename | provenance |  |
-| path_injection.py:108:5:108:8 | ControlFlowNode for path | path_injection.py:113:14:113:17 | ControlFlowNode for path | provenance |  |
-| path_injection.py:118:5:118:12 | ControlFlowNode for filename | path_injection.py:119:5:119:8 | ControlFlowNode for path | provenance | AdditionalTaintStep |
-| path_injection.py:118:16:118:22 | ControlFlowNode for request | path_injection.py:118:16:118:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
-| path_injection.py:118:16:118:27 | ControlFlowNode for Attribute | path_injection.py:118:16:118:47 | ControlFlowNode for Attribute() | provenance | dict.get |
-| path_injection.py:118:16:118:47 | ControlFlowNode for Attribute() | path_injection.py:118:5:118:12 | ControlFlowNode for filename | provenance |  |
-| path_injection.py:119:5:119:8 | ControlFlowNode for path | path_injection.py:124:14:124:17 | ControlFlowNode for path | provenance |  |
-| path_injection.py:129:5:129:12 | ControlFlowNode for filename | path_injection.py:130:5:130:8 | ControlFlowNode for path | provenance | AdditionalTaintStep |
-| path_injection.py:129:16:129:22 | ControlFlowNode for request | path_injection.py:129:16:129:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
-| path_injection.py:129:16:129:27 | ControlFlowNode for Attribute | path_injection.py:129:16:129:47 | ControlFlowNode for Attribute() | provenance | dict.get |
-| path_injection.py:129:16:129:47 | ControlFlowNode for Attribute() | path_injection.py:129:5:129:12 | ControlFlowNode for filename | provenance |  |
-| path_injection.py:130:5:130:8 | ControlFlowNode for path | path_injection.py:131:5:131:13 | ControlFlowNode for sanitized | provenance |  |
-| path_injection.py:131:5:131:13 | ControlFlowNode for sanitized | path_injection.py:132:14:132:22 | ControlFlowNode for sanitized | provenance |  |
-| path_injection.py:138:5:138:12 | ControlFlowNode for filename | path_injection.py:139:5:139:8 | ControlFlowNode for path | provenance | AdditionalTaintStep |
-| path_injection.py:138:16:138:22 | ControlFlowNode for request | path_injection.py:138:16:138:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
-| path_injection.py:138:16:138:27 | ControlFlowNode for Attribute | path_injection.py:138:16:138:47 | ControlFlowNode for Attribute() | provenance | dict.get |
-| path_injection.py:138:16:138:47 | ControlFlowNode for Attribute() | path_injection.py:138:5:138:12 | ControlFlowNode for filename | provenance |  |
-| path_injection.py:139:5:139:8 | ControlFlowNode for path | path_injection.py:140:47:140:50 | ControlFlowNode for path | provenance |  |
-| path_injection.py:140:47:140:50 | ControlFlowNode for path | path_injection.py:142:14:142:17 | ControlFlowNode for path | provenance |  |
-| path_injection.py:149:5:149:12 | ControlFlowNode for filename | path_injection.py:151:9:151:12 | ControlFlowNode for path | provenance | AdditionalTaintStep |
-| path_injection.py:149:16:149:22 | ControlFlowNode for request | path_injection.py:149:16:149:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
-| path_injection.py:149:16:149:27 | ControlFlowNode for Attribute | path_injection.py:149:16:149:47 | ControlFlowNode for Attribute() | provenance | dict.get |
-| path_injection.py:149:16:149:47 | ControlFlowNode for Attribute() | path_injection.py:149:5:149:12 | ControlFlowNode for filename | provenance |  |
-| path_injection.py:151:9:151:12 | ControlFlowNode for path | path_injection.py:152:18:152:21 | ControlFlowNode for path | provenance |  |
-| pathlib_use.py:3:26:3:32 | ControlFlowNode for ImportMember | pathlib_use.py:3:26:3:32 | ControlFlowNode for request | provenance |  |
-| pathlib_use.py:3:26:3:32 | ControlFlowNode for request | pathlib_use.py:12:16:12:22 | ControlFlowNode for request | provenance |  |
-| pathlib_use.py:12:5:12:12 | ControlFlowNode for filename | pathlib_use.py:13:5:13:5 | ControlFlowNode for p | provenance | AdditionalTaintStep |
-| pathlib_use.py:12:5:12:12 | ControlFlowNode for filename | pathlib_use.py:16:5:16:6 | ControlFlowNode for p2 | provenance | AdditionalTaintStep |
-| pathlib_use.py:12:16:12:22 | ControlFlowNode for request | pathlib_use.py:12:16:12:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
-| pathlib_use.py:12:16:12:27 | ControlFlowNode for Attribute | pathlib_use.py:12:16:12:47 | ControlFlowNode for Attribute() | provenance | dict.get |
-| pathlib_use.py:12:16:12:47 | ControlFlowNode for Attribute() | pathlib_use.py:12:5:12:12 | ControlFlowNode for filename | provenance |  |
-| pathlib_use.py:13:5:13:5 | ControlFlowNode for p | pathlib_use.py:14:5:14:5 | ControlFlowNode for p | provenance |  |
-| pathlib_use.py:16:5:16:6 | ControlFlowNode for p2 | pathlib_use.py:17:5:17:6 | ControlFlowNode for p2 | provenance |  |
-| test.py:3:26:3:32 | ControlFlowNode for ImportMember | test.py:3:26:3:32 | ControlFlowNode for request | provenance |  |
-| test.py:3:26:3:32 | ControlFlowNode for request | test.py:9:12:9:18 | ControlFlowNode for request | provenance |  |
-| test.py:9:12:9:18 | ControlFlowNode for request | test.py:9:12:9:23 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
-| test.py:9:12:9:23 | ControlFlowNode for Attribute | test.py:9:12:9:39 | ControlFlowNode for Attribute() | provenance | dict.get |
-| test.py:9:12:9:39 | ControlFlowNode for Attribute() | test.py:18:9:18:16 | ControlFlowNode for source() | provenance |  |
-| test.py:9:12:9:39 | ControlFlowNode for Attribute() | test.py:24:9:24:16 | ControlFlowNode for source() | provenance |  |
-| test.py:9:12:9:39 | ControlFlowNode for Attribute() | test.py:31:9:31:16 | ControlFlowNode for source() | provenance |  |
-| test.py:9:12:9:39 | ControlFlowNode for Attribute() | test.py:46:9:46:16 | ControlFlowNode for source() | provenance |  |
-| test.py:12:15:12:15 | ControlFlowNode for x | test.py:13:29:13:29 | ControlFlowNode for x | provenance |  |
-| test.py:13:29:13:29 | ControlFlowNode for x | test.py:13:12:13:30 | ControlFlowNode for Attribute() | provenance | Config |
-| test.py:18:5:18:5 | ControlFlowNode for x | test.py:19:10:19:10 | ControlFlowNode for x | provenance |  |
-| test.py:18:9:18:16 | ControlFlowNode for source() | test.py:18:5:18:5 | ControlFlowNode for x | provenance |  |
-| test.py:24:5:24:5 | ControlFlowNode for x | test.py:25:19:25:19 | ControlFlowNode for x | provenance |  |
-| test.py:24:9:24:16 | ControlFlowNode for source() | test.py:24:5:24:5 | ControlFlowNode for x | provenance |  |
-| test.py:25:5:25:5 | ControlFlowNode for y | test.py:26:10:26:10 | ControlFlowNode for y | provenance |  |
-| test.py:25:9:25:20 | ControlFlowNode for normalize() | test.py:25:5:25:5 | ControlFlowNode for y | provenance |  |
-| test.py:25:19:25:19 | ControlFlowNode for x | test.py:12:15:12:15 | ControlFlowNode for x | provenance |  |
-| test.py:25:19:25:19 | ControlFlowNode for x | test.py:25:9:25:20 | ControlFlowNode for normalize() | provenance | Config |
-| test.py:31:5:31:5 | ControlFlowNode for x | test.py:33:14:33:14 | ControlFlowNode for x | provenance |  |
-| test.py:31:9:31:16 | ControlFlowNode for source() | test.py:31:5:31:5 | ControlFlowNode for x | provenance |  |
-| test.py:46:5:46:5 | ControlFlowNode for x | test.py:48:23:48:23 | ControlFlowNode for x | provenance |  |
-| test.py:46:9:46:16 | ControlFlowNode for source() | test.py:46:5:46:5 | ControlFlowNode for x | provenance |  |
-| test.py:48:9:48:9 | ControlFlowNode for y | test.py:49:14:49:14 | ControlFlowNode for y | provenance |  |
-| test.py:48:13:48:24 | ControlFlowNode for normalize() | test.py:48:9:48:9 | ControlFlowNode for y | provenance |  |
-| test.py:48:23:48:23 | ControlFlowNode for x | test.py:12:15:12:15 | ControlFlowNode for x | provenance |  |
-| test.py:48:23:48:23 | ControlFlowNode for x | test.py:48:13:48:24 | ControlFlowNode for normalize() | provenance | Config |
+| fastapi_path_injection.py:6:24:6:31 | filepath | fastapi_path_injection.py:7:19:7:26 | filepath | provenance |  |
+| fastapi_path_injection.py:17:21:17:24 | path | fastapi_path_injection.py:20:34:20:37 | path | provenance |  |
+| fastapi_path_injection.py:20:34:20:37 | path | fastapi_path_injection.py:6:24:6:31 | filepath | provenance |  |
+| fastapi_path_injection.py:31:21:31:24 | path | fastapi_path_injection.py:32:34:32:37 | path | provenance |  |
+| fastapi_path_injection.py:32:34:32:37 | path | fastapi_path_injection.py:6:24:6:31 | filepath | provenance |  |
+| fastapi_path_injection.py:48:21:48:24 | path | fastapi_path_injection.py:49:45:49:48 | path | provenance |  |
+| fastapi_path_injection.py:49:45:49:48 | path | fastapi_path_injection.py:6:24:6:31 | filepath | provenance |  |
+| flask_path_injection.py:1:26:1:32 | After ImportMember | flask_path_injection.py:1:26:1:32 | request | provenance |  |
+| flask_path_injection.py:1:26:1:32 | request | flask_path_injection.py:19:15:19:21 | request | provenance |  |
+| flask_path_injection.py:19:5:19:11 | dirname | flask_path_injection.py:21:32:21:38 | dirname | provenance |  |
+| flask_path_injection.py:19:15:19:21 | request | flask_path_injection.py:19:15:19:26 | After Attribute | provenance | AdditionalTaintStep |
+| flask_path_injection.py:19:15:19:26 | After Attribute | flask_path_injection.py:19:15:19:45 | After Attribute() | provenance | dict.get |
+| flask_path_injection.py:19:15:19:45 | After Attribute() | flask_path_injection.py:19:5:19:11 | dirname | provenance |  |
+| path_injection.py:3:26:3:32 | After ImportMember | path_injection.py:3:26:3:32 | request | provenance |  |
+| path_injection.py:3:26:3:32 | request | path_injection.py:12:16:12:22 | request | provenance |  |
+| path_injection.py:3:26:3:32 | request | path_injection.py:19:16:19:22 | request | provenance |  |
+| path_injection.py:3:26:3:32 | request | path_injection.py:27:16:27:22 | request | provenance |  |
+| path_injection.py:3:26:3:32 | request | path_injection.py:46:16:46:22 | request | provenance |  |
+| path_injection.py:3:26:3:32 | request | path_injection.py:63:16:63:22 | request | provenance |  |
+| path_injection.py:3:26:3:32 | request | path_injection.py:84:16:84:22 | request | provenance |  |
+| path_injection.py:3:26:3:32 | request | path_injection.py:107:16:107:22 | request | provenance |  |
+| path_injection.py:3:26:3:32 | request | path_injection.py:118:16:118:22 | request | provenance |  |
+| path_injection.py:3:26:3:32 | request | path_injection.py:129:16:129:22 | request | provenance |  |
+| path_injection.py:3:26:3:32 | request | path_injection.py:138:16:138:22 | request | provenance |  |
+| path_injection.py:3:26:3:32 | request | path_injection.py:149:16:149:22 | request | provenance |  |
+| path_injection.py:12:5:12:12 | filename | path_injection.py:13:14:13:47 | After Attribute() | provenance | AdditionalTaintStep |
+| path_injection.py:12:16:12:22 | request | path_injection.py:12:16:12:27 | After Attribute | provenance | AdditionalTaintStep |
+| path_injection.py:12:16:12:27 | After Attribute | path_injection.py:12:16:12:47 | After Attribute() | provenance | dict.get |
+| path_injection.py:12:16:12:47 | After Attribute() | path_injection.py:12:5:12:12 | filename | provenance |  |
+| path_injection.py:19:5:19:12 | filename | path_injection.py:20:30:20:63 | After Attribute() | provenance | AdditionalTaintStep |
+| path_injection.py:19:16:19:22 | request | path_injection.py:19:16:19:27 | After Attribute | provenance | AdditionalTaintStep |
+| path_injection.py:19:16:19:27 | After Attribute | path_injection.py:19:16:19:47 | After Attribute() | provenance | dict.get |
+| path_injection.py:19:16:19:47 | After Attribute() | path_injection.py:19:5:19:12 | filename | provenance |  |
+| path_injection.py:20:5:20:9 | npath | path_injection.py:21:14:21:18 | npath | provenance |  |
+| path_injection.py:20:13:20:64 | After Attribute() | path_injection.py:20:5:20:9 | npath | provenance |  |
+| path_injection.py:20:30:20:63 | After Attribute() | path_injection.py:20:13:20:64 | After Attribute() | provenance | Config |
+| path_injection.py:27:5:27:12 | filename | path_injection.py:28:30:28:63 | After Attribute() | provenance | AdditionalTaintStep |
+| path_injection.py:27:16:27:22 | request | path_injection.py:27:16:27:27 | After Attribute | provenance | AdditionalTaintStep |
+| path_injection.py:27:16:27:27 | After Attribute | path_injection.py:27:16:27:47 | After Attribute() | provenance | dict.get |
+| path_injection.py:27:16:27:47 | After Attribute() | path_injection.py:27:5:27:12 | filename | provenance |  |
+| path_injection.py:28:5:28:9 | npath | path_injection.py:31:14:31:18 | npath | provenance |  |
+| path_injection.py:28:13:28:64 | After Attribute() | path_injection.py:28:5:28:9 | npath | provenance |  |
+| path_injection.py:28:30:28:63 | After Attribute() | path_injection.py:28:13:28:64 | After Attribute() | provenance | Config |
+| path_injection.py:46:5:46:12 | filename | path_injection.py:47:30:47:63 | After Attribute() | provenance | AdditionalTaintStep |
+| path_injection.py:46:16:46:22 | request | path_injection.py:46:16:46:27 | After Attribute | provenance | AdditionalTaintStep |
+| path_injection.py:46:16:46:27 | After Attribute | path_injection.py:46:16:46:47 | After Attribute() | provenance | dict.get |
+| path_injection.py:46:16:46:47 | After Attribute() | path_injection.py:46:5:46:12 | filename | provenance |  |
+| path_injection.py:47:5:47:9 | npath | path_injection.py:48:14:48:18 | npath | provenance |  |
+| path_injection.py:47:13:47:64 | After Attribute() | path_injection.py:47:5:47:9 | npath | provenance |  |
+| path_injection.py:47:30:47:63 | After Attribute() | path_injection.py:47:13:47:64 | After Attribute() | provenance | Config |
+| path_injection.py:63:5:63:12 | filename | path_injection.py:64:29:64:62 | After Attribute() | provenance | AdditionalTaintStep |
+| path_injection.py:63:16:63:22 | request | path_injection.py:63:16:63:27 | After Attribute | provenance | AdditionalTaintStep |
+| path_injection.py:63:16:63:27 | After Attribute | path_injection.py:63:16:63:47 | After Attribute() | provenance | dict.get |
+| path_injection.py:63:16:63:47 | After Attribute() | path_injection.py:63:5:63:12 | filename | provenance |  |
+| path_injection.py:64:5:64:9 | npath | path_injection.py:65:14:65:18 | npath | provenance |  |
+| path_injection.py:64:13:64:63 | After Attribute() | path_injection.py:64:5:64:9 | npath | provenance |  |
+| path_injection.py:64:29:64:62 | After Attribute() | path_injection.py:64:13:64:63 | After Attribute() | provenance | Config |
+| path_injection.py:84:5:84:12 | filename | path_injection.py:85:5:85:24 | possibly_unsafe_path | provenance | AdditionalTaintStep |
+| path_injection.py:84:16:84:22 | request | path_injection.py:84:16:84:27 | After Attribute | provenance | AdditionalTaintStep |
+| path_injection.py:84:16:84:27 | After Attribute | path_injection.py:84:16:84:47 | After Attribute() | provenance | dict.get |
+| path_injection.py:84:16:84:47 | After Attribute() | path_injection.py:84:5:84:12 | filename | provenance |  |
+| path_injection.py:85:5:85:24 | possibly_unsafe_path | path_injection.py:86:24:86:43 | possibly_unsafe_path | provenance |  |
+| path_injection.py:86:24:86:43 | possibly_unsafe_path | path_injection.py:87:18:87:37 | possibly_unsafe_path | provenance |  |
+| path_injection.py:91:20:91:25 | foo_id | path_injection.py:93:5:93:8 | path | provenance | AdditionalTaintStep |
+| path_injection.py:93:5:93:8 | path | path_injection.py:94:14:94:17 | path | provenance |  |
+| path_injection.py:98:20:98:22 | foo | path_injection.py:101:5:101:8 | path | provenance | AdditionalTaintStep |
+| path_injection.py:101:5:101:8 | path | path_injection.py:102:14:102:17 | path | provenance |  |
+| path_injection.py:107:5:107:12 | filename | path_injection.py:108:5:108:8 | path | provenance | AdditionalTaintStep |
+| path_injection.py:107:16:107:22 | request | path_injection.py:107:16:107:27 | After Attribute | provenance | AdditionalTaintStep |
+| path_injection.py:107:16:107:27 | After Attribute | path_injection.py:107:16:107:47 | After Attribute() | provenance | dict.get |
+| path_injection.py:107:16:107:47 | After Attribute() | path_injection.py:107:5:107:12 | filename | provenance |  |
+| path_injection.py:108:5:108:8 | path | path_injection.py:113:14:113:17 | path | provenance |  |
+| path_injection.py:118:5:118:12 | filename | path_injection.py:119:5:119:8 | path | provenance | AdditionalTaintStep |
+| path_injection.py:118:16:118:22 | request | path_injection.py:118:16:118:27 | After Attribute | provenance | AdditionalTaintStep |
+| path_injection.py:118:16:118:27 | After Attribute | path_injection.py:118:16:118:47 | After Attribute() | provenance | dict.get |
+| path_injection.py:118:16:118:47 | After Attribute() | path_injection.py:118:5:118:12 | filename | provenance |  |
+| path_injection.py:119:5:119:8 | path | path_injection.py:124:14:124:17 | path | provenance |  |
+| path_injection.py:129:5:129:12 | filename | path_injection.py:130:5:130:8 | path | provenance | AdditionalTaintStep |
+| path_injection.py:129:16:129:22 | request | path_injection.py:129:16:129:27 | After Attribute | provenance | AdditionalTaintStep |
+| path_injection.py:129:16:129:27 | After Attribute | path_injection.py:129:16:129:47 | After Attribute() | provenance | dict.get |
+| path_injection.py:129:16:129:47 | After Attribute() | path_injection.py:129:5:129:12 | filename | provenance |  |
+| path_injection.py:130:5:130:8 | path | path_injection.py:131:5:131:13 | sanitized | provenance |  |
+| path_injection.py:131:5:131:13 | sanitized | path_injection.py:132:14:132:22 | sanitized | provenance |  |
+| path_injection.py:138:5:138:12 | filename | path_injection.py:139:5:139:8 | path | provenance | AdditionalTaintStep |
+| path_injection.py:138:16:138:22 | request | path_injection.py:138:16:138:27 | After Attribute | provenance | AdditionalTaintStep |
+| path_injection.py:138:16:138:27 | After Attribute | path_injection.py:138:16:138:47 | After Attribute() | provenance | dict.get |
+| path_injection.py:138:16:138:47 | After Attribute() | path_injection.py:138:5:138:12 | filename | provenance |  |
+| path_injection.py:139:5:139:8 | path | path_injection.py:140:47:140:50 | path | provenance |  |
+| path_injection.py:140:47:140:50 | path | path_injection.py:142:14:142:17 | path | provenance |  |
+| path_injection.py:149:5:149:12 | filename | path_injection.py:151:9:151:12 | path | provenance | AdditionalTaintStep |
+| path_injection.py:149:16:149:22 | request | path_injection.py:149:16:149:27 | After Attribute | provenance | AdditionalTaintStep |
+| path_injection.py:149:16:149:27 | After Attribute | path_injection.py:149:16:149:47 | After Attribute() | provenance | dict.get |
+| path_injection.py:149:16:149:47 | After Attribute() | path_injection.py:149:5:149:12 | filename | provenance |  |
+| path_injection.py:151:9:151:12 | path | path_injection.py:152:18:152:21 | path | provenance |  |
+| pathlib_use.py:3:26:3:32 | After ImportMember | pathlib_use.py:3:26:3:32 | request | provenance |  |
+| pathlib_use.py:3:26:3:32 | request | pathlib_use.py:12:16:12:22 | request | provenance |  |
+| pathlib_use.py:12:5:12:12 | filename | pathlib_use.py:13:5:13:5 | p | provenance | AdditionalTaintStep |
+| pathlib_use.py:12:5:12:12 | filename | pathlib_use.py:16:5:16:6 | p2 | provenance | AdditionalTaintStep |
+| pathlib_use.py:12:16:12:22 | request | pathlib_use.py:12:16:12:27 | After Attribute | provenance | AdditionalTaintStep |
+| pathlib_use.py:12:16:12:27 | After Attribute | pathlib_use.py:12:16:12:47 | After Attribute() | provenance | dict.get |
+| pathlib_use.py:12:16:12:47 | After Attribute() | pathlib_use.py:12:5:12:12 | filename | provenance |  |
+| pathlib_use.py:13:5:13:5 | p | pathlib_use.py:14:5:14:5 | p | provenance |  |
+| pathlib_use.py:16:5:16:6 | p2 | pathlib_use.py:17:5:17:6 | p2 | provenance |  |
+| test.py:3:26:3:32 | After ImportMember | test.py:3:26:3:32 | request | provenance |  |
+| test.py:3:26:3:32 | request | test.py:9:12:9:18 | request | provenance |  |
+| test.py:9:12:9:18 | request | test.py:9:12:9:23 | After Attribute | provenance | AdditionalTaintStep |
+| test.py:9:12:9:23 | After Attribute | test.py:9:12:9:39 | After Attribute() | provenance | dict.get |
+| test.py:9:12:9:39 | After Attribute() | test.py:18:9:18:16 | After source() | provenance |  |
+| test.py:9:12:9:39 | After Attribute() | test.py:24:9:24:16 | After source() | provenance |  |
+| test.py:9:12:9:39 | After Attribute() | test.py:31:9:31:16 | After source() | provenance |  |
+| test.py:9:12:9:39 | After Attribute() | test.py:46:9:46:16 | After source() | provenance |  |
+| test.py:12:15:12:15 | x | test.py:13:29:13:29 | x | provenance |  |
+| test.py:13:29:13:29 | x | test.py:13:12:13:30 | After Attribute() | provenance | Config |
+| test.py:18:5:18:5 | x | test.py:19:10:19:10 | x | provenance |  |
+| test.py:18:9:18:16 | After source() | test.py:18:5:18:5 | x | provenance |  |
+| test.py:24:5:24:5 | x | test.py:25:19:25:19 | x | provenance |  |
+| test.py:24:9:24:16 | After source() | test.py:24:5:24:5 | x | provenance |  |
+| test.py:25:5:25:5 | y | test.py:26:10:26:10 | y | provenance |  |
+| test.py:25:9:25:20 | After normalize() | test.py:25:5:25:5 | y | provenance |  |
+| test.py:25:19:25:19 | x | test.py:12:15:12:15 | x | provenance |  |
+| test.py:25:19:25:19 | x | test.py:25:9:25:20 | After normalize() | provenance | Config |
+| test.py:31:5:31:5 | x | test.py:33:14:33:14 | x | provenance |  |
+| test.py:31:9:31:16 | After source() | test.py:31:5:31:5 | x | provenance |  |
+| test.py:46:5:46:5 | x | test.py:48:23:48:23 | x | provenance |  |
+| test.py:46:9:46:16 | After source() | test.py:46:5:46:5 | x | provenance |  |
+| test.py:48:9:48:9 | y | test.py:49:14:49:14 | y | provenance |  |
+| test.py:48:13:48:24 | After normalize() | test.py:48:9:48:9 | y | provenance |  |
+| test.py:48:23:48:23 | x | test.py:12:15:12:15 | x | provenance |  |
+| test.py:48:23:48:23 | x | test.py:48:13:48:24 | After normalize() | provenance | Config |
 nodes
-| fastapi_path_injection.py:6:24:6:31 | ControlFlowNode for filepath | semmle.label | ControlFlowNode for filepath |
-| fastapi_path_injection.py:7:19:7:26 | ControlFlowNode for filepath | semmle.label | ControlFlowNode for filepath |
-| fastapi_path_injection.py:17:21:17:24 | ControlFlowNode for path | semmle.label | ControlFlowNode for path |
-| fastapi_path_injection.py:20:34:20:37 | ControlFlowNode for path | semmle.label | ControlFlowNode for path |
-| fastapi_path_injection.py:26:21:26:24 | ControlFlowNode for path | semmle.label | ControlFlowNode for path |
-| fastapi_path_injection.py:27:34:27:37 | ControlFlowNode for path | semmle.label | ControlFlowNode for path |
-| fastapi_path_injection.py:31:21:31:24 | ControlFlowNode for path | semmle.label | ControlFlowNode for path |
-| fastapi_path_injection.py:32:34:32:37 | ControlFlowNode for path | semmle.label | ControlFlowNode for path |
-| fastapi_path_injection.py:48:21:48:24 | ControlFlowNode for path | semmle.label | ControlFlowNode for path |
-| fastapi_path_injection.py:49:45:49:48 | ControlFlowNode for path | semmle.label | ControlFlowNode for path |
-| flask_path_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
-| flask_path_injection.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| flask_path_injection.py:19:5:19:11 | ControlFlowNode for dirname | semmle.label | ControlFlowNode for dirname |
-| flask_path_injection.py:19:15:19:21 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| flask_path_injection.py:19:15:19:26 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| flask_path_injection.py:19:15:19:45 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| flask_path_injection.py:21:32:21:38 | ControlFlowNode for dirname | semmle.label | ControlFlowNode for dirname |
-| path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
-| path_injection.py:3:26:3:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| path_injection.py:12:5:12:12 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename |
-| path_injection.py:12:16:12:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| path_injection.py:12:16:12:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| path_injection.py:12:16:12:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| path_injection.py:13:14:13:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| path_injection.py:19:5:19:12 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename |
-| path_injection.py:19:16:19:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| path_injection.py:19:16:19:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| path_injection.py:19:16:19:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| path_injection.py:20:5:20:9 | ControlFlowNode for npath | semmle.label | ControlFlowNode for npath |
-| path_injection.py:20:13:20:64 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| path_injection.py:20:30:20:63 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| path_injection.py:21:14:21:18 | ControlFlowNode for npath | semmle.label | ControlFlowNode for npath |
-| path_injection.py:27:5:27:12 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename |
-| path_injection.py:27:16:27:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| path_injection.py:27:16:27:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| path_injection.py:27:16:27:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| path_injection.py:28:5:28:9 | ControlFlowNode for npath | semmle.label | ControlFlowNode for npath |
-| path_injection.py:28:13:28:64 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| path_injection.py:28:30:28:63 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| path_injection.py:31:14:31:18 | ControlFlowNode for npath | semmle.label | ControlFlowNode for npath |
-| path_injection.py:46:5:46:12 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename |
-| path_injection.py:46:16:46:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| path_injection.py:46:16:46:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| path_injection.py:46:16:46:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| path_injection.py:47:5:47:9 | ControlFlowNode for npath | semmle.label | ControlFlowNode for npath |
-| path_injection.py:47:13:47:64 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| path_injection.py:47:30:47:63 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| path_injection.py:48:14:48:18 | ControlFlowNode for npath | semmle.label | ControlFlowNode for npath |
-| path_injection.py:63:5:63:12 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename |
-| path_injection.py:63:16:63:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| path_injection.py:63:16:63:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| path_injection.py:63:16:63:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| path_injection.py:64:5:64:9 | ControlFlowNode for npath | semmle.label | ControlFlowNode for npath |
-| path_injection.py:64:13:64:63 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| path_injection.py:64:29:64:62 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| path_injection.py:65:14:65:18 | ControlFlowNode for npath | semmle.label | ControlFlowNode for npath |
-| path_injection.py:84:5:84:12 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename |
-| path_injection.py:84:16:84:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| path_injection.py:84:16:84:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| path_injection.py:84:16:84:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| path_injection.py:85:5:85:24 | ControlFlowNode for possibly_unsafe_path | semmle.label | ControlFlowNode for possibly_unsafe_path |
-| path_injection.py:86:24:86:43 | ControlFlowNode for possibly_unsafe_path | semmle.label | ControlFlowNode for possibly_unsafe_path |
-| path_injection.py:87:18:87:37 | ControlFlowNode for possibly_unsafe_path | semmle.label | ControlFlowNode for possibly_unsafe_path |
-| path_injection.py:91:20:91:25 | ControlFlowNode for foo_id | semmle.label | ControlFlowNode for foo_id |
-| path_injection.py:93:5:93:8 | ControlFlowNode for path | semmle.label | ControlFlowNode for path |
-| path_injection.py:94:14:94:17 | ControlFlowNode for path | semmle.label | ControlFlowNode for path |
-| path_injection.py:98:20:98:22 | ControlFlowNode for foo | semmle.label | ControlFlowNode for foo |
-| path_injection.py:101:5:101:8 | ControlFlowNode for path | semmle.label | ControlFlowNode for path |
-| path_injection.py:102:14:102:17 | ControlFlowNode for path | semmle.label | ControlFlowNode for path |
-| path_injection.py:107:5:107:12 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename |
-| path_injection.py:107:16:107:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| path_injection.py:107:16:107:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| path_injection.py:107:16:107:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| path_injection.py:108:5:108:8 | ControlFlowNode for path | semmle.label | ControlFlowNode for path |
-| path_injection.py:113:14:113:17 | ControlFlowNode for path | semmle.label | ControlFlowNode for path |
-| path_injection.py:118:5:118:12 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename |
-| path_injection.py:118:16:118:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| path_injection.py:118:16:118:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| path_injection.py:118:16:118:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| path_injection.py:119:5:119:8 | ControlFlowNode for path | semmle.label | ControlFlowNode for path |
-| path_injection.py:124:14:124:17 | ControlFlowNode for path | semmle.label | ControlFlowNode for path |
-| path_injection.py:129:5:129:12 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename |
-| path_injection.py:129:16:129:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| path_injection.py:129:16:129:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| path_injection.py:129:16:129:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| path_injection.py:130:5:130:8 | ControlFlowNode for path | semmle.label | ControlFlowNode for path |
-| path_injection.py:131:5:131:13 | ControlFlowNode for sanitized | semmle.label | ControlFlowNode for sanitized |
-| path_injection.py:132:14:132:22 | ControlFlowNode for sanitized | semmle.label | ControlFlowNode for sanitized |
-| path_injection.py:138:5:138:12 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename |
-| path_injection.py:138:16:138:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| path_injection.py:138:16:138:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| path_injection.py:138:16:138:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| path_injection.py:139:5:139:8 | ControlFlowNode for path | semmle.label | ControlFlowNode for path |
-| path_injection.py:140:47:140:50 | ControlFlowNode for path | semmle.label | ControlFlowNode for path |
-| path_injection.py:142:14:142:17 | ControlFlowNode for path | semmle.label | ControlFlowNode for path |
-| path_injection.py:149:5:149:12 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename |
-| path_injection.py:149:16:149:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| path_injection.py:149:16:149:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| path_injection.py:149:16:149:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| path_injection.py:151:9:151:12 | ControlFlowNode for path | semmle.label | ControlFlowNode for path |
-| path_injection.py:152:18:152:21 | ControlFlowNode for path | semmle.label | ControlFlowNode for path |
-| pathlib_use.py:3:26:3:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
-| pathlib_use.py:3:26:3:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| pathlib_use.py:12:5:12:12 | ControlFlowNode for filename | semmle.label | ControlFlowNode for filename |
-| pathlib_use.py:12:16:12:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| pathlib_use.py:12:16:12:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| pathlib_use.py:12:16:12:47 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| pathlib_use.py:13:5:13:5 | ControlFlowNode for p | semmle.label | ControlFlowNode for p |
-| pathlib_use.py:14:5:14:5 | ControlFlowNode for p | semmle.label | ControlFlowNode for p |
-| pathlib_use.py:16:5:16:6 | ControlFlowNode for p2 | semmle.label | ControlFlowNode for p2 |
-| pathlib_use.py:17:5:17:6 | ControlFlowNode for p2 | semmle.label | ControlFlowNode for p2 |
-| test.py:3:26:3:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
-| test.py:3:26:3:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| test.py:9:12:9:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| test.py:9:12:9:23 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| test.py:9:12:9:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| test.py:12:15:12:15 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:13:12:13:30 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| test.py:13:29:13:29 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:18:5:18:5 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:18:9:18:16 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() |
-| test.py:19:10:19:10 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:24:5:24:5 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:24:9:24:16 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() |
-| test.py:25:5:25:5 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
-| test.py:25:9:25:20 | ControlFlowNode for normalize() | semmle.label | ControlFlowNode for normalize() |
-| test.py:25:19:25:19 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:26:10:26:10 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
-| test.py:31:5:31:5 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:31:9:31:16 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() |
-| test.py:33:14:33:14 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:46:5:46:5 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:46:9:46:16 | ControlFlowNode for source() | semmle.label | ControlFlowNode for source() |
-| test.py:48:9:48:9 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
-| test.py:48:13:48:24 | ControlFlowNode for normalize() | semmle.label | ControlFlowNode for normalize() |
-| test.py:48:23:48:23 | ControlFlowNode for x | semmle.label | ControlFlowNode for x |
-| test.py:49:14:49:14 | ControlFlowNode for y | semmle.label | ControlFlowNode for y |
+| fastapi_path_injection.py:6:24:6:31 | filepath | semmle.label | filepath |
+| fastapi_path_injection.py:7:19:7:26 | filepath | semmle.label | filepath |
+| fastapi_path_injection.py:17:21:17:24 | path | semmle.label | path |
+| fastapi_path_injection.py:20:34:20:37 | path | semmle.label | path |
+| fastapi_path_injection.py:31:21:31:24 | path | semmle.label | path |
+| fastapi_path_injection.py:32:34:32:37 | path | semmle.label | path |
+| fastapi_path_injection.py:48:21:48:24 | path | semmle.label | path |
+| fastapi_path_injection.py:49:45:49:48 | path | semmle.label | path |
+| flask_path_injection.py:1:26:1:32 | After ImportMember | semmle.label | After ImportMember |
+| flask_path_injection.py:1:26:1:32 | request | semmle.label | request |
+| flask_path_injection.py:19:5:19:11 | dirname | semmle.label | dirname |
+| flask_path_injection.py:19:15:19:21 | request | semmle.label | request |
+| flask_path_injection.py:19:15:19:26 | After Attribute | semmle.label | After Attribute |
+| flask_path_injection.py:19:15:19:45 | After Attribute() | semmle.label | After Attribute() |
+| flask_path_injection.py:21:32:21:38 | dirname | semmle.label | dirname |
+| path_injection.py:3:26:3:32 | After ImportMember | semmle.label | After ImportMember |
+| path_injection.py:3:26:3:32 | request | semmle.label | request |
+| path_injection.py:12:5:12:12 | filename | semmle.label | filename |
+| path_injection.py:12:16:12:22 | request | semmle.label | request |
+| path_injection.py:12:16:12:27 | After Attribute | semmle.label | After Attribute |
+| path_injection.py:12:16:12:47 | After Attribute() | semmle.label | After Attribute() |
+| path_injection.py:13:14:13:47 | After Attribute() | semmle.label | After Attribute() |
+| path_injection.py:19:5:19:12 | filename | semmle.label | filename |
+| path_injection.py:19:16:19:22 | request | semmle.label | request |
+| path_injection.py:19:16:19:27 | After Attribute | semmle.label | After Attribute |
+| path_injection.py:19:16:19:47 | After Attribute() | semmle.label | After Attribute() |
+| path_injection.py:20:5:20:9 | npath | semmle.label | npath |
+| path_injection.py:20:13:20:64 | After Attribute() | semmle.label | After Attribute() |
+| path_injection.py:20:30:20:63 | After Attribute() | semmle.label | After Attribute() |
+| path_injection.py:21:14:21:18 | npath | semmle.label | npath |
+| path_injection.py:27:5:27:12 | filename | semmle.label | filename |
+| path_injection.py:27:16:27:22 | request | semmle.label | request |
+| path_injection.py:27:16:27:27 | After Attribute | semmle.label | After Attribute |
+| path_injection.py:27:16:27:47 | After Attribute() | semmle.label | After Attribute() |
+| path_injection.py:28:5:28:9 | npath | semmle.label | npath |
+| path_injection.py:28:13:28:64 | After Attribute() | semmle.label | After Attribute() |
+| path_injection.py:28:30:28:63 | After Attribute() | semmle.label | After Attribute() |
+| path_injection.py:31:14:31:18 | npath | semmle.label | npath |
+| path_injection.py:46:5:46:12 | filename | semmle.label | filename |
+| path_injection.py:46:16:46:22 | request | semmle.label | request |
+| path_injection.py:46:16:46:27 | After Attribute | semmle.label | After Attribute |
+| path_injection.py:46:16:46:47 | After Attribute() | semmle.label | After Attribute() |
+| path_injection.py:47:5:47:9 | npath | semmle.label | npath |
+| path_injection.py:47:13:47:64 | After Attribute() | semmle.label | After Attribute() |
+| path_injection.py:47:30:47:63 | After Attribute() | semmle.label | After Attribute() |
+| path_injection.py:48:14:48:18 | npath | semmle.label | npath |
+| path_injection.py:63:5:63:12 | filename | semmle.label | filename |
+| path_injection.py:63:16:63:22 | request | semmle.label | request |
+| path_injection.py:63:16:63:27 | After Attribute | semmle.label | After Attribute |
+| path_injection.py:63:16:63:47 | After Attribute() | semmle.label | After Attribute() |
+| path_injection.py:64:5:64:9 | npath | semmle.label | npath |
+| path_injection.py:64:13:64:63 | After Attribute() | semmle.label | After Attribute() |
+| path_injection.py:64:29:64:62 | After Attribute() | semmle.label | After Attribute() |
+| path_injection.py:65:14:65:18 | npath | semmle.label | npath |
+| path_injection.py:84:5:84:12 | filename | semmle.label | filename |
+| path_injection.py:84:16:84:22 | request | semmle.label | request |
+| path_injection.py:84:16:84:27 | After Attribute | semmle.label | After Attribute |
+| path_injection.py:84:16:84:47 | After Attribute() | semmle.label | After Attribute() |
+| path_injection.py:85:5:85:24 | possibly_unsafe_path | semmle.label | possibly_unsafe_path |
+| path_injection.py:86:24:86:43 | possibly_unsafe_path | semmle.label | possibly_unsafe_path |
+| path_injection.py:87:18:87:37 | possibly_unsafe_path | semmle.label | possibly_unsafe_path |
+| path_injection.py:91:20:91:25 | foo_id | semmle.label | foo_id |
+| path_injection.py:93:5:93:8 | path | semmle.label | path |
+| path_injection.py:94:14:94:17 | path | semmle.label | path |
+| path_injection.py:98:20:98:22 | foo | semmle.label | foo |
+| path_injection.py:101:5:101:8 | path | semmle.label | path |
+| path_injection.py:102:14:102:17 | path | semmle.label | path |
+| path_injection.py:107:5:107:12 | filename | semmle.label | filename |
+| path_injection.py:107:16:107:22 | request | semmle.label | request |
+| path_injection.py:107:16:107:27 | After Attribute | semmle.label | After Attribute |
+| path_injection.py:107:16:107:47 | After Attribute() | semmle.label | After Attribute() |
+| path_injection.py:108:5:108:8 | path | semmle.label | path |
+| path_injection.py:113:14:113:17 | path | semmle.label | path |
+| path_injection.py:118:5:118:12 | filename | semmle.label | filename |
+| path_injection.py:118:16:118:22 | request | semmle.label | request |
+| path_injection.py:118:16:118:27 | After Attribute | semmle.label | After Attribute |
+| path_injection.py:118:16:118:47 | After Attribute() | semmle.label | After Attribute() |
+| path_injection.py:119:5:119:8 | path | semmle.label | path |
+| path_injection.py:124:14:124:17 | path | semmle.label | path |
+| path_injection.py:129:5:129:12 | filename | semmle.label | filename |
+| path_injection.py:129:16:129:22 | request | semmle.label | request |
+| path_injection.py:129:16:129:27 | After Attribute | semmle.label | After Attribute |
+| path_injection.py:129:16:129:47 | After Attribute() | semmle.label | After Attribute() |
+| path_injection.py:130:5:130:8 | path | semmle.label | path |
+| path_injection.py:131:5:131:13 | sanitized | semmle.label | sanitized |
+| path_injection.py:132:14:132:22 | sanitized | semmle.label | sanitized |
+| path_injection.py:138:5:138:12 | filename | semmle.label | filename |
+| path_injection.py:138:16:138:22 | request | semmle.label | request |
+| path_injection.py:138:16:138:27 | After Attribute | semmle.label | After Attribute |
+| path_injection.py:138:16:138:47 | After Attribute() | semmle.label | After Attribute() |
+| path_injection.py:139:5:139:8 | path | semmle.label | path |
+| path_injection.py:140:47:140:50 | path | semmle.label | path |
+| path_injection.py:142:14:142:17 | path | semmle.label | path |
+| path_injection.py:149:5:149:12 | filename | semmle.label | filename |
+| path_injection.py:149:16:149:22 | request | semmle.label | request |
+| path_injection.py:149:16:149:27 | After Attribute | semmle.label | After Attribute |
+| path_injection.py:149:16:149:47 | After Attribute() | semmle.label | After Attribute() |
+| path_injection.py:151:9:151:12 | path | semmle.label | path |
+| path_injection.py:152:18:152:21 | path | semmle.label | path |
+| pathlib_use.py:3:26:3:32 | After ImportMember | semmle.label | After ImportMember |
+| pathlib_use.py:3:26:3:32 | request | semmle.label | request |
+| pathlib_use.py:12:5:12:12 | filename | semmle.label | filename |
+| pathlib_use.py:12:16:12:22 | request | semmle.label | request |
+| pathlib_use.py:12:16:12:27 | After Attribute | semmle.label | After Attribute |
+| pathlib_use.py:12:16:12:47 | After Attribute() | semmle.label | After Attribute() |
+| pathlib_use.py:13:5:13:5 | p | semmle.label | p |
+| pathlib_use.py:14:5:14:5 | p | semmle.label | p |
+| pathlib_use.py:16:5:16:6 | p2 | semmle.label | p2 |
+| pathlib_use.py:17:5:17:6 | p2 | semmle.label | p2 |
+| test.py:3:26:3:32 | After ImportMember | semmle.label | After ImportMember |
+| test.py:3:26:3:32 | request | semmle.label | request |
+| test.py:9:12:9:18 | request | semmle.label | request |
+| test.py:9:12:9:23 | After Attribute | semmle.label | After Attribute |
+| test.py:9:12:9:39 | After Attribute() | semmle.label | After Attribute() |
+| test.py:12:15:12:15 | x | semmle.label | x |
+| test.py:13:12:13:30 | After Attribute() | semmle.label | After Attribute() |
+| test.py:13:29:13:29 | x | semmle.label | x |
+| test.py:18:5:18:5 | x | semmle.label | x |
+| test.py:18:9:18:16 | After source() | semmle.label | After source() |
+| test.py:19:10:19:10 | x | semmle.label | x |
+| test.py:24:5:24:5 | x | semmle.label | x |
+| test.py:24:9:24:16 | After source() | semmle.label | After source() |
+| test.py:25:5:25:5 | y | semmle.label | y |
+| test.py:25:9:25:20 | After normalize() | semmle.label | After normalize() |
+| test.py:25:19:25:19 | x | semmle.label | x |
+| test.py:26:10:26:10 | y | semmle.label | y |
+| test.py:31:5:31:5 | x | semmle.label | x |
+| test.py:31:9:31:16 | After source() | semmle.label | After source() |
+| test.py:33:14:33:14 | x | semmle.label | x |
+| test.py:46:5:46:5 | x | semmle.label | x |
+| test.py:46:9:46:16 | After source() | semmle.label | After source() |
+| test.py:48:9:48:9 | y | semmle.label | y |
+| test.py:48:13:48:24 | After normalize() | semmle.label | After normalize() |
+| test.py:48:23:48:23 | x | semmle.label | x |
+| test.py:49:14:49:14 | y | semmle.label | y |
 subpaths
-| test.py:25:19:25:19 | ControlFlowNode for x | test.py:12:15:12:15 | ControlFlowNode for x | test.py:13:12:13:30 | ControlFlowNode for Attribute() | test.py:25:9:25:20 | ControlFlowNode for normalize() |
-| test.py:48:23:48:23 | ControlFlowNode for x | test.py:12:15:12:15 | ControlFlowNode for x | test.py:13:12:13:30 | ControlFlowNode for Attribute() | test.py:48:13:48:24 | ControlFlowNode for normalize() |
+| test.py:25:19:25:19 | x | test.py:12:15:12:15 | x | test.py:13:12:13:30 | After Attribute() | test.py:25:9:25:20 | After normalize() |
+| test.py:48:23:48:23 | x | test.py:12:15:12:15 | x | test.py:13:12:13:30 | After Attribute() | test.py:48:13:48:24 | After normalize() |
+testFailures
+| fastapi_path_injection.py:26:72:26:81 | Comment # $ Source | Missing result: Source |
--- a/python/ql/test/query-tests/Security/CWE-094-CodeInjection/CodeInjection.expected
+++ b/python/ql/test/query-tests/Security/CWE-094-CodeInjection/CodeInjection.expected
@@ -1,37 +1,37 @@
-edges
-| code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | code_injection.py:1:26:1:32 | ControlFlowNode for request | provenance |  |
-| code_injection.py:1:26:1:32 | ControlFlowNode for request | code_injection.py:6:12:6:18 | ControlFlowNode for request | provenance |  |
-| code_injection.py:1:26:1:32 | ControlFlowNode for request | code_injection.py:18:16:18:22 | ControlFlowNode for request | provenance |  |
-| code_injection.py:6:5:6:8 | ControlFlowNode for code | code_injection.py:7:10:7:13 | ControlFlowNode for code | provenance |  |
-| code_injection.py:6:5:6:8 | ControlFlowNode for code | code_injection.py:8:10:8:13 | ControlFlowNode for code | provenance |  |
-| code_injection.py:6:5:6:8 | ControlFlowNode for code | code_injection.py:9:5:9:7 | ControlFlowNode for cmd | provenance | AdditionalTaintStep |
-| code_injection.py:6:12:6:18 | ControlFlowNode for request | code_injection.py:6:12:6:23 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
-| code_injection.py:6:12:6:23 | ControlFlowNode for Attribute | code_injection.py:6:12:6:35 | ControlFlowNode for Attribute() | provenance | dict.get |
-| code_injection.py:6:12:6:35 | ControlFlowNode for Attribute() | code_injection.py:6:5:6:8 | ControlFlowNode for code | provenance |  |
-| code_injection.py:9:5:9:7 | ControlFlowNode for cmd | code_injection.py:10:10:10:12 | ControlFlowNode for cmd | provenance |  |
-| code_injection.py:18:5:18:12 | ControlFlowNode for obj_name | code_injection.py:21:20:21:27 | ControlFlowNode for obj_name | provenance |  |
-| code_injection.py:18:16:18:22 | ControlFlowNode for request | code_injection.py:18:16:18:27 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
-| code_injection.py:18:16:18:27 | ControlFlowNode for Attribute | code_injection.py:18:16:18:38 | ControlFlowNode for Attribute() | provenance | dict.get |
-| code_injection.py:18:16:18:38 | ControlFlowNode for Attribute() | code_injection.py:18:5:18:12 | ControlFlowNode for obj_name | provenance |  |
-nodes
-| code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
-| code_injection.py:1:26:1:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| code_injection.py:6:5:6:8 | ControlFlowNode for code | semmle.label | ControlFlowNode for code |
-| code_injection.py:6:12:6:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| code_injection.py:6:12:6:23 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| code_injection.py:6:12:6:35 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| code_injection.py:7:10:7:13 | ControlFlowNode for code | semmle.label | ControlFlowNode for code |
-| code_injection.py:8:10:8:13 | ControlFlowNode for code | semmle.label | ControlFlowNode for code |
-| code_injection.py:9:5:9:7 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd |
-| code_injection.py:10:10:10:12 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd |
-| code_injection.py:18:5:18:12 | ControlFlowNode for obj_name | semmle.label | ControlFlowNode for obj_name |
-| code_injection.py:18:16:18:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
-| code_injection.py:18:16:18:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| code_injection.py:18:16:18:38 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| code_injection.py:21:20:21:27 | ControlFlowNode for obj_name | semmle.label | ControlFlowNode for obj_name |
-subpaths
 #select
-| code_injection.py:7:10:7:13 | ControlFlowNode for code | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | code_injection.py:7:10:7:13 | ControlFlowNode for code | This code execution depends on a $@. | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
-| code_injection.py:8:10:8:13 | ControlFlowNode for code | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | code_injection.py:8:10:8:13 | ControlFlowNode for code | This code execution depends on a $@. | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
-| code_injection.py:10:10:10:12 | ControlFlowNode for cmd | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | code_injection.py:10:10:10:12 | ControlFlowNode for cmd | This code execution depends on a $@. | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
-| code_injection.py:21:20:21:27 | ControlFlowNode for obj_name | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | code_injection.py:21:20:21:27 | ControlFlowNode for obj_name | This code execution depends on a $@. | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | user-provided value |
+| code_injection.py:7:10:7:13 | code | code_injection.py:1:26:1:32 | After ImportMember | code_injection.py:7:10:7:13 | code | This code execution depends on a $@. | code_injection.py:1:26:1:32 | After ImportMember | user-provided value |
+| code_injection.py:8:10:8:13 | code | code_injection.py:1:26:1:32 | After ImportMember | code_injection.py:8:10:8:13 | code | This code execution depends on a $@. | code_injection.py:1:26:1:32 | After ImportMember | user-provided value |
+| code_injection.py:10:10:10:12 | cmd | code_injection.py:1:26:1:32 | After ImportMember | code_injection.py:10:10:10:12 | cmd | This code execution depends on a $@. | code_injection.py:1:26:1:32 | After ImportMember | user-provided value |
+| code_injection.py:21:20:21:27 | obj_name | code_injection.py:1:26:1:32 | After ImportMember | code_injection.py:21:20:21:27 | obj_name | This code execution depends on a $@. | code_injection.py:1:26:1:32 | After ImportMember | user-provided value |
+edges
+| code_injection.py:1:26:1:32 | After ImportMember | code_injection.py:1:26:1:32 | request | provenance |  |
+| code_injection.py:1:26:1:32 | request | code_injection.py:6:12:6:18 | request | provenance |  |
+| code_injection.py:1:26:1:32 | request | code_injection.py:18:16:18:22 | request | provenance |  |
+| code_injection.py:6:5:6:8 | code | code_injection.py:7:10:7:13 | code | provenance |  |
+| code_injection.py:6:5:6:8 | code | code_injection.py:8:10:8:13 | code | provenance |  |
+| code_injection.py:6:5:6:8 | code | code_injection.py:9:5:9:7 | cmd | provenance | AdditionalTaintStep |
+| code_injection.py:6:12:6:18 | request | code_injection.py:6:12:6:23 | After Attribute | provenance | AdditionalTaintStep |
+| code_injection.py:6:12:6:23 | After Attribute | code_injection.py:6:12:6:35 | After Attribute() | provenance | dict.get |
+| code_injection.py:6:12:6:35 | After Attribute() | code_injection.py:6:5:6:8 | code | provenance |  |
+| code_injection.py:9:5:9:7 | cmd | code_injection.py:10:10:10:12 | cmd | provenance |  |
+| code_injection.py:18:5:18:12 | obj_name | code_injection.py:21:20:21:27 | obj_name | provenance |  |
+| code_injection.py:18:16:18:22 | request | code_injection.py:18:16:18:27 | After Attribute | provenance | AdditionalTaintStep |
+| code_injection.py:18:16:18:27 | After Attribute | code_injection.py:18:16:18:38 | After Attribute() | provenance | dict.get |
+| code_injection.py:18:16:18:38 | After Attribute() | code_injection.py:18:5:18:12 | obj_name | provenance |  |
+nodes
+| code_injection.py:1:26:1:32 | After ImportMember | semmle.label | After ImportMember |
+| code_injection.py:1:26:1:32 | request | semmle.label | request |
+| code_injection.py:6:5:6:8 | code | semmle.label | code |
+| code_injection.py:6:12:6:18 | request | semmle.label | request |
+| code_injection.py:6:12:6:23 | After Attribute | semmle.label | After Attribute |
+| code_injection.py:6:12:6:35 | After Attribute() | semmle.label | After Attribute() |
+| code_injection.py:7:10:7:13 | code | semmle.label | code |
+| code_injection.py:8:10:8:13 | code | semmle.label | code |
+| code_injection.py:9:5:9:7 | cmd | semmle.label | cmd |
+| code_injection.py:10:10:10:12 | cmd | semmle.label | cmd |
+| code_injection.py:18:5:18:12 | obj_name | semmle.label | obj_name |
+| code_injection.py:18:16:18:22 | request | semmle.label | request |
+| code_injection.py:18:16:18:27 | After Attribute | semmle.label | After Attribute |
+| code_injection.py:18:16:18:38 | After Attribute() | semmle.label | After Attribute() |
+| code_injection.py:21:20:21:27 | obj_name | semmle.label | obj_name |
+subpaths
--- a/python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/ExceptionInfo.expected
+++ b/python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/ExceptionInfo.expected
@@ -0,0 +1,17 @@
+| Exceptions.py:3:25:3:41 | Comment # $ exceptionInfo | Missing result: exceptionInfo |
+| Exceptions.py:9:29:9:45 | Comment # $ exceptionInfo | Missing result: exceptionInfo |
+| Stacktrace.py:6:57:6:73 | Comment # $ exceptionInfo | Missing result: exceptionInfo |
+| Stacktrace.py:8:46:8:62 | Comment # $ exceptionInfo | Missing result: exceptionInfo |
+| Stacktrace.py:9:39:9:55 | Comment # $ exceptionInfo | Missing result: exceptionInfo |
+| Stacktrace.py:10:40:10:56 | Comment # $ exceptionInfo | Missing result: exceptionInfo |
+| Stacktrace.py:11:75:11:91 | Comment # $ exceptionInfo | Missing result: exceptionInfo |
+| Stacktrace.py:12:61:12:77 | Comment # $ exceptionInfo | Missing result: exceptionInfo |
+| Stacktrace.py:13:41:13:57 | Comment # $ exceptionInfo | Missing result: exceptionInfo |
+| Stacktrace.py:14:37:14:53 | Comment # $ exceptionInfo | Missing result: exceptionInfo |
+| Stacktrace.py:15:47:15:63 | Comment # $ exceptionInfo | Missing result: exceptionInfo |
+| test.py:16:40:16:56 | Comment # $ exceptionInfo | Missing result: exceptionInfo |
+| test.py:23:29:23:45 | Comment # $ exceptionInfo | Missing result: exceptionInfo |
+| test.py:31:29:31:45 | Comment # $ exceptionInfo | Missing result: exceptionInfo |
+| test.py:40:38:40:54 | Comment # $ exceptionInfo | Missing result: exceptionInfo |
+| test.py:49:39:49:55 | Comment # $ exceptionInfo | Missing result: exceptionInfo |
+| test.py:65:28:65:44 | Comment # $ exceptionInfo | Missing result: exceptionInfo |
--- a/python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/StackTraceExposure.expected
+++ b/python/ql/test/query-tests/Security/CWE-209-StackTraceExposure/StackTraceExposure.expected
@@ -1,33 +1,4 @@
 edges
-| test.py:23:25:23:25 | ControlFlowNode for e | test.py:24:16:24:16 | ControlFlowNode for e | provenance |  |
-| test.py:31:25:31:25 | ControlFlowNode for e | test.py:32:16:32:16 | ControlFlowNode for e | provenance |  |
-| test.py:32:16:32:16 | ControlFlowNode for e | test.py:32:16:32:30 | ControlFlowNode for Attribute | provenance | Config |
-| test.py:49:9:49:11 | ControlFlowNode for err | test.py:50:29:50:31 | ControlFlowNode for err | provenance |  |
-| test.py:49:15:49:36 | ControlFlowNode for Attribute() | test.py:49:9:49:11 | ControlFlowNode for err | provenance |  |
-| test.py:50:29:50:31 | ControlFlowNode for err | test.py:50:16:50:32 | ControlFlowNode for format_error() | provenance |  |
-| test.py:50:29:50:31 | ControlFlowNode for err | test.py:52:18:52:20 | ControlFlowNode for msg | provenance |  |
-| test.py:52:18:52:20 | ControlFlowNode for msg | test.py:53:12:53:27 | ControlFlowNode for BinaryExpr | provenance |  |
-| test.py:65:25:65:25 | ControlFlowNode for e | test.py:66:24:66:40 | ControlFlowNode for Dict | provenance |  |
 nodes
-| test.py:16:16:16:37 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| test.py:23:25:23:25 | ControlFlowNode for e | semmle.label | ControlFlowNode for e |
-| test.py:24:16:24:16 | ControlFlowNode for e | semmle.label | ControlFlowNode for e |
-| test.py:31:25:31:25 | ControlFlowNode for e | semmle.label | ControlFlowNode for e |
-| test.py:32:16:32:16 | ControlFlowNode for e | semmle.label | ControlFlowNode for e |
-| test.py:32:16:32:30 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
-| test.py:49:9:49:11 | ControlFlowNode for err | semmle.label | ControlFlowNode for err |
-| test.py:49:15:49:36 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| test.py:50:16:50:32 | ControlFlowNode for format_error() | semmle.label | ControlFlowNode for format_error() |
-| test.py:50:29:50:31 | ControlFlowNode for err | semmle.label | ControlFlowNode for err |
-| test.py:52:18:52:20 | ControlFlowNode for msg | semmle.label | ControlFlowNode for msg |
-| test.py:53:12:53:27 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
-| test.py:65:25:65:25 | ControlFlowNode for e | semmle.label | ControlFlowNode for e |
-| test.py:66:24:66:40 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict |
 subpaths
-| test.py:50:29:50:31 | ControlFlowNode for err | test.py:52:18:52:20 | ControlFlowNode for msg | test.py:53:12:53:27 | ControlFlowNode for BinaryExpr | test.py:50:16:50:32 | ControlFlowNode for format_error() |
 #select
-| test.py:16:16:16:37 | ControlFlowNode for Attribute() | test.py:16:16:16:37 | ControlFlowNode for Attribute() | test.py:16:16:16:37 | ControlFlowNode for Attribute() | $@ flows to this location and may be exposed to an external user. | test.py:16:16:16:37 | ControlFlowNode for Attribute() | Stack trace information |
-| test.py:24:16:24:16 | ControlFlowNode for e | test.py:23:25:23:25 | ControlFlowNode for e | test.py:24:16:24:16 | ControlFlowNode for e | $@ flows to this location and may be exposed to an external user. | test.py:23:25:23:25 | ControlFlowNode for e | Stack trace information |
-| test.py:32:16:32:30 | ControlFlowNode for Attribute | test.py:31:25:31:25 | ControlFlowNode for e | test.py:32:16:32:30 | ControlFlowNode for Attribute | $@ flows to this location and may be exposed to an external user. | test.py:31:25:31:25 | ControlFlowNode for e | Stack trace information |
-| test.py:50:16:50:32 | ControlFlowNode for format_error() | test.py:49:15:49:36 | ControlFlowNode for Attribute() | test.py:50:16:50:32 | ControlFlowNode for format_error() | $@ flows to this location and may be exposed to an external user. | test.py:49:15:49:36 | ControlFlowNode for Attribute() | Stack trace information |
-| test.py:66:24:66:40 | ControlFlowNode for Dict | test.py:65:25:65:25 | ControlFlowNode for e | test.py:66:24:66:40 | ControlFlowNode for Dict | $@ flows to this location and may be exposed to an external user. | test.py:65:25:65:25 | ControlFlowNode for e | Stack trace information |
--- a/python/ql/test/query-tests/Security/CWE-295-RequestWithoutValidation/RequestWithoutValidation.expected
+++ b/python/ql/test/query-tests/Security/CWE-295-RequestWithoutValidation/RequestWithoutValidation.expected
@@ -1,6 +1,6 @@
-| make_request.py:5:1:5:48 | ControlFlowNode for Attribute() | This request may run without certificate validation because $@. | make_request.py:5:43:5:47 | ControlFlowNode for False | it is disabled | make_request.py:5:43:5:47 | ControlFlowNode for False | this value |
-| make_request.py:7:1:7:49 | ControlFlowNode for Attribute() | This request may run without certificate validation because $@. | make_request.py:7:44:7:48 | ControlFlowNode for False | it is disabled | make_request.py:7:44:7:48 | ControlFlowNode for False | this value |
-| make_request.py:12:1:12:39 | ControlFlowNode for put() | This request may run without certificate validation because $@. | make_request.py:12:34:12:38 | ControlFlowNode for False | it is disabled | make_request.py:12:34:12:38 | ControlFlowNode for False | this value |
-| make_request.py:28:5:28:46 | ControlFlowNode for patch() | This request may run without certificate validation because $@ by $@. | make_request.py:28:40:28:45 | ControlFlowNode for verify | it is disabled | make_request.py:30:6:30:10 | ControlFlowNode for False | this value |
-| make_request.py:34:1:34:45 | ControlFlowNode for Attribute() | This request may run without certificate validation because $@. | make_request.py:34:44:34:44 | ControlFlowNode for IntegerLiteral | it is disabled | make_request.py:34:44:34:44 | ControlFlowNode for IntegerLiteral | this value |
-| make_request.py:41:1:41:26 | ControlFlowNode for Attribute() | This request may run without certificate validation because $@. | make_request.py:41:21:41:25 | ControlFlowNode for False | it is disabled | make_request.py:41:21:41:25 | ControlFlowNode for False | this value |
+| make_request.py:5:1:5:48 | After Attribute() | This request may run without certificate validation because $@. | make_request.py:5:43:5:47 | False | it is disabled | make_request.py:5:43:5:47 | False | this value |
+| make_request.py:7:1:7:49 | After Attribute() | This request may run without certificate validation because $@ by $@. | make_request.py:7:44:7:48 | False | it is disabled | make_request.py:5:43:5:47 | False | this value |
+| make_request.py:12:1:12:39 | After put() | This request may run without certificate validation because $@ by $@. | make_request.py:12:34:12:38 | False | it is disabled | make_request.py:5:43:5:47 | False | this value |
+| make_request.py:28:5:28:46 | After patch() | This request may run without certificate validation because $@ by $@. | make_request.py:28:40:28:45 | verify | it is disabled | make_request.py:5:43:5:47 | False | this value |
+| make_request.py:34:1:34:45 | After Attribute() | This request may run without certificate validation because $@. | make_request.py:34:44:34:44 | IntegerLiteral | it is disabled | make_request.py:34:44:34:44 | IntegerLiteral | this value |
+| make_request.py:41:1:41:26 | After Attribute() | This request may run without certificate validation because $@ by $@. | make_request.py:41:21:41:25 | False | it is disabled | make_request.py:5:43:5:47 | False | this value |
--- a/python/ql/test/query-tests/Statements/exit/UseOfExit.expected
+++ b/python/ql/test/query-tests/Statements/exit/UseOfExit.expected
@@ -1 +0,0 @@
-| test.py:7:9:7:15 | ControlFlowNode for exit() | The 'exit' site.Quitter object may not exist if the 'site' module is not loaded or is modified. |
				`@@ -0,0 +1 @@`
				`\| CodeExecution.py:2:19:2:41 \| Comment # $ getCode="print(42)" \| Missing result: getCode="print(42)" \|`
				`@@ -1 +0,0 @@`
				`\| test.py:7:9:7:15 \| ControlFlowNode for exit() \| The 'exit' site.Quitter object may not exist if the 'site' module is not loaded or is modified. \|`