diff --git a/go/ql/test/example-tests/snippets/fieldwrite.expected b/go/ql/test/example-tests/snippets/fieldwrite.expected index 26c7f7b90f8..2819dac1c65 100644 --- a/go/ql/test/example-tests/snippets/fieldwrite.expected +++ b/go/ql/test/example-tests/snippets/fieldwrite.expected @@ -1 +1 @@ -| main.go:23:3:23:13 | assignment to field Status | main.go:23:17:23:21 | "200" | +| main.go:23:3:23:21 | assign:0 ... = ... | main.go:23:17:23:21 | "200" | diff --git a/go/ql/test/example-tests/snippets/typeinfo.expected b/go/ql/test/example-tests/snippets/typeinfo.expected index c3a0ff5dacb..f71199a6f28 100644 --- a/go/ql/test/example-tests/snippets/typeinfo.expected +++ b/go/ql/test/example-tests/snippets/typeinfo.expected @@ -2,7 +2,7 @@ | file://:0:0:0:0 | [summary param] -1 in Clone | | file://:0:0:0:0 | [summary param] -1 in Write | | file://:0:0:0:0 | [summary param] -1 in WriteProxy | -| main.go:18:12:18:14 | SSA def(req) | -| main.go:18:12:18:14 | argument corresponding to req | +| main.go:18:103:26:1 | SSA def(req) | +| main.go:18:103:26:1 | arg:0 block statement | | main.go:20:5:20:7 | req | | main.go:20:5:20:7 | req [postupdate] | diff --git a/go/ql/test/example-tests/snippets/varwrite.expected b/go/ql/test/example-tests/snippets/varwrite.expected index b2c06e76a27..8b35595f4a8 100644 --- a/go/ql/test/example-tests/snippets/varwrite.expected +++ b/go/ql/test/example-tests/snippets/varwrite.expected @@ -1 +1 @@ -| main.go:29:2:29:4 | assignment to err | main.go:29:9:29:31 | call to test1 | +| main.go:29:2:29:31 | assign:0 ... := ... | main.go:29:9:29:31 | call to test1 | diff --git a/go/ql/test/experimental/CWE-285/PamAuthBypass.expected b/go/ql/test/experimental/CWE-285/PamAuthBypass.expected index 23441b3361e..f7bc883d2d5 100644 --- a/go/ql/test/experimental/CWE-285/PamAuthBypass.expected +++ b/go/ql/test/experimental/CWE-285/PamAuthBypass.expected 
@@ -1 +1 @@ -| main.go:10:2:12:3 | ... := ...[0] | This Pam transaction may not be secure. | \ No newline at end of file +| main.go:10:2:12:3 | extract:0 ... := ... | This Pam transaction may not be secure. | diff --git a/go/ql/test/experimental/CWE-918/SSRF.expected b/go/ql/test/experimental/CWE-918/SSRF.expected index 5c8d1832ac1..28f5e2ca18b 100644 --- a/go/ql/test/experimental/CWE-918/SSRF.expected +++ b/go/ql/test/experimental/CWE-918/SSRF.expected @@ -24,9 +24,9 @@ edges | builtin.go:112:21:112:31 | call to Referer | builtin.go:115:15:115:28 | untrustedInput | provenance | Src:MaD:8 | | builtin.go:130:21:130:31 | call to Referer | builtin.go:133:38:133:51 | untrustedInput | provenance | Src:MaD:8 | | builtin.go:151:16:151:36 | call to FormValue | builtin.go:154:13:154:22 | unsafehost | provenance | Src:MaD:7 | -| builtin.go:154:2:154:4 | implicit dereference [postupdate] | builtin.go:154:2:154:4 | url [postupdate] | provenance | | +| builtin.go:154:2:154:4 | implicit-deref url [postupdate] | builtin.go:154:2:154:4 | url [postupdate] | provenance | | | builtin.go:154:2:154:4 | url [postupdate] | builtin.go:156:21:156:23 | url | provenance | | -| builtin.go:154:13:154:22 | unsafehost | builtin.go:154:2:154:4 | implicit dereference [postupdate] | provenance | Config | +| builtin.go:154:13:154:22 | unsafehost | builtin.go:154:2:154:4 | implicit-deref url [postupdate] | provenance | Config | | builtin.go:154:13:154:22 | unsafehost | builtin.go:154:2:154:4 | url [postupdate] | provenance | Config | | builtin.go:156:21:156:23 | url | builtin.go:156:21:156:32 | call to String | provenance | MaD:12 | | new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:31:48:31:56 | selection of word | provenance | Src:MaD:3 | 
@@ -43,8 +43,8 @@ edges | new-tests.go:35:49:35:57 | selection of word | new-tests.go:35:12:35:58 | call to Sprintf | provenance | FunctionModel | | new-tests.go:39:18:39:30 | call to Param | new-tests.go:47:11:47:46 | ...+... | provenance | Src:MaD:1 | | new-tests.go:49:18:49:30 | call to Query | new-tests.go:50:11:50:46 | ...+... | provenance | Src:MaD:2 | -| new-tests.go:62:2:62:39 | ... := ...[0] | new-tests.go:63:17:63:23 | reqBody | provenance | | -| new-tests.go:62:31:62:38 | selection of Body | new-tests.go:62:2:62:39 | ... := ...[0] | provenance | Src:MaD:6 MaD:13 | +| new-tests.go:62:2:62:39 | extract:0 ... := ... | new-tests.go:63:17:63:23 | reqBody | provenance | | +| new-tests.go:62:31:62:38 | selection of Body | new-tests.go:62:2:62:39 | extract:0 ... := ... | provenance | Src:MaD:6 MaD:13 | | new-tests.go:63:17:63:23 | reqBody | new-tests.go:63:26:63:30 | &... [postupdate] | provenance | MaD:10 | | new-tests.go:63:26:63:30 | &... [postupdate] | new-tests.go:68:48:68:56 | selection of word | provenance | | | new-tests.go:63:26:63:30 | &... [postupdate] | new-tests.go:69:48:69:56 | selection of safe | provenance | | @@ -95,7 +95,7 @@ nodes | builtin.go:130:21:130:31 | call to Referer | semmle.label | call to Referer | | builtin.go:133:38:133:51 | untrustedInput | semmle.label | untrustedInput | | builtin.go:151:16:151:36 | call to FormValue | semmle.label | call to FormValue | -| builtin.go:154:2:154:4 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | +| builtin.go:154:2:154:4 | implicit-deref url [postupdate] | semmle.label | implicit-deref url [postupdate] | | builtin.go:154:2:154:4 | url [postupdate] | semmle.label | url [postupdate] | | builtin.go:154:13:154:22 | unsafehost | semmle.label | unsafehost | | builtin.go:156:21:156:23 | url | semmle.label | url | 
@@ -114,7 +114,7 @@ nodes | new-tests.go:47:11:47:46 | ...+... | semmle.label | ...+... | | new-tests.go:49:18:49:30 | call to Query | semmle.label | call to Query | | new-tests.go:50:11:50:46 | ...+... | semmle.label | ...+... | -| new-tests.go:62:2:62:39 | ... := ...[0] | semmle.label | ... := ...[0] | +| new-tests.go:62:2:62:39 | extract:0 ... := ... | semmle.label | extract:0 ... := ... | | new-tests.go:62:31:62:38 | selection of Body | semmle.label | selection of Body | | new-tests.go:63:17:63:23 | reqBody | semmle.label | reqBody | | new-tests.go:63:26:63:30 | &... [postupdate] | semmle.label | &... [postupdate] | diff --git a/go/ql/test/experimental/Unsafe/WrongUsageOfUnsafe.expected b/go/ql/test/experimental/Unsafe/WrongUsageOfUnsafe.expected index 728d0b54da8..731d55a8304 100644 --- a/go/ql/test/experimental/Unsafe/WrongUsageOfUnsafe.expected +++ b/go/ql/test/experimental/Unsafe/WrongUsageOfUnsafe.expected 
@@ -22,8 +22,8 @@ edges | WrongUsageOfUnsafe.go:166:33:166:57 | type conversion | WrongUsageOfUnsafe.go:166:16:166:58 | type conversion | provenance | | | WrongUsageOfUnsafe.go:189:31:189:55 | type conversion | WrongUsageOfUnsafe.go:189:16:189:56 | type conversion | provenance | | | WrongUsageOfUnsafe.go:211:31:211:60 | type conversion | WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | provenance | | -| WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | WrongUsageOfUnsafe.go:236:21:236:23 | SSA def(req) | provenance | | -| WrongUsageOfUnsafe.go:236:21:236:23 | SSA def(req) | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | provenance | | +| WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | WrongUsageOfUnsafe.go:236:53:245:1 | SSA def(req) | provenance | | +| WrongUsageOfUnsafe.go:236:53:245:1 | SSA def(req) | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | provenance | | | WrongUsageOfUnsafe.go:256:28:256:52 | type conversion | WrongUsageOfUnsafe.go:256:16:256:53 | type conversion | provenance | | | WrongUsageOfUnsafe.go:274:25:274:49 | type conversion | WrongUsageOfUnsafe.go:274:16:274:50 | type conversion | provenance | | | WrongUsageOfUnsafe.go:292:23:292:47 | type conversion | WrongUsageOfUnsafe.go:292:16:292:48 | type conversion | provenance | | 
@@ -51,7 +51,7 @@ nodes | WrongUsageOfUnsafe.go:211:16:211:61 | type conversion | semmle.label | type conversion | | WrongUsageOfUnsafe.go:211:31:211:60 | type conversion | semmle.label | type conversion | | WrongUsageOfUnsafe.go:227:31:227:55 | type conversion | semmle.label | type conversion | -| WrongUsageOfUnsafe.go:236:21:236:23 | SSA def(req) | semmle.label | SSA def(req) | +| WrongUsageOfUnsafe.go:236:53:245:1 | SSA def(req) | semmle.label | SSA def(req) | | WrongUsageOfUnsafe.go:243:9:243:27 | type conversion | semmle.label | type conversion | | WrongUsageOfUnsafe.go:256:16:256:53 | type conversion | semmle.label | type conversion | | WrongUsageOfUnsafe.go:256:28:256:52 | type conversion | semmle.label | type conversion | diff --git a/go/ql/test/library-tests/semmle/go/Scopes/EntityWrite.expected b/go/ql/test/library-tests/semmle/go/Scopes/EntityWrite.expected index 843922048a0..0942ba5fba2 100644 --- a/go/ql/test/library-tests/semmle/go/Scopes/EntityWrite.expected +++ b/go/ql/test/library-tests/semmle/go/Scopes/EntityWrite.expected @@ -1,6 +1,6 @@ | main.go:6:2:6:2 | x | main.go:24:2:24:9 | increment statement | -| main.go:13:7:13:10 | recv | main.go:13:7:13:10 | initialization of recv | -| main.go:17:10:17:10 | x | main.go:17:10:17:10 | initialization of x | -| main.go:17:26:17:26 | y | main.go:17:26:17:26 | initialization of y | -| main.go:23:7:23:10 | recv | main.go:23:7:23:10 | initialization of recv | -| types.go:33:22:33:22 | a | types.go:33:22:33:22 | initialization of a | +| main.go:13:7:13:10 | recv | main.go:13:27:15:1 | param-init:-1 block statement | +| main.go:17:10:17:10 | x | main.go:17:32:21:1 | param-init:0 block statement | +| main.go:17:26:17:26 | y | main.go:17:32:21:1 | param-init:1 block statement | +| main.go:23:7:23:10 | recv | main.go:23:23:25:1 | param-init:-1 block statement | +| types.go:33:22:33:22 | a | types.go:33:34:35:1 | param-init:0 block statement | 
diff --git a/go/ql/test/query-tests/InconsistentCode/MissingErrorCheck/MissingErrorCheck.expected b/go/ql/test/query-tests/InconsistentCode/MissingErrorCheck/MissingErrorCheck.expected index 9db748ebabd..acd73e5a79e 100644 --- a/go/ql/test/query-tests/InconsistentCode/MissingErrorCheck/MissingErrorCheck.expected +++ b/go/ql/test/query-tests/InconsistentCode/MissingErrorCheck/MissingErrorCheck.expected @@ -1,2 +1,2 @@ -| tests.go:61:30:61:35 | result | $@ may be nil at this dereference because $@ may not have been checked. | tests.go:59:2:59:7 | SSA def(result) | result | tests.go:59:10:59:12 | SSA def(err) | err | -| tests.go:243:27:243:32 | result | $@ may be nil at this dereference because $@ may not have been checked. | tests.go:241:2:241:7 | SSA def(result) | result | tests.go:241:10:241:12 | SSA def(err) | err | +| tests.go:61:30:61:35 | result | $@ may be nil at this dereference because $@ may not have been checked. | tests.go:59:2:59:30 | SSA def(result) | result | tests.go:59:2:59:30 | SSA def(err) | err | +| tests.go:243:27:243:32 | result | $@ may be nil at this dereference because $@ may not have been checked. | tests.go:241:2:241:37 | SSA def(result) | result | tests.go:241:2:241:37 | SSA def(err) | err | diff --git a/go/ql/test/query-tests/RedundantCode/DeadStoreOfField/DeadStoreOfField.expected b/go/ql/test/query-tests/RedundantCode/DeadStoreOfField/DeadStoreOfField.expected index 68935b96eca..1041d7138f7 100644 --- a/go/ql/test/query-tests/RedundantCode/DeadStoreOfField/DeadStoreOfField.expected +++ b/go/ql/test/query-tests/RedundantCode/DeadStoreOfField/DeadStoreOfField.expected @@ -1 +1 @@ -| DeadStoreOfField.go:8:2:8:6 | assignment to field val | This assignment to val is useless since its value is never read. | +| DeadStoreOfField.go:8:2:8:10 | assign:0 ... = ... | This assignment to val is useless since its value is never read. | 
diff --git a/go/ql/test/query-tests/Security/CWE-022/UnsafeUnzipSymlink.expected b/go/ql/test/query-tests/Security/CWE-022/UnsafeUnzipSymlink.expected index 73e5f0aa503..505af589338 100644 --- a/go/ql/test/query-tests/Security/CWE-022/UnsafeUnzipSymlink.expected +++ b/go/ql/test/query-tests/Security/CWE-022/UnsafeUnzipSymlink.expected 
@@ -5,18 +5,18 @@ | UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname | UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname | UnsafeUnzipSymlink.go:112:13:112:20 | linkName | Unresolved path from an archive header, which may point outside the archive root, is used in $@. | UnsafeUnzipSymlink.go:112:13:112:20 | linkName | symlink creation | | UnsafeUnzipSymlink.go:126:34:126:44 | selection of Name | UnsafeUnzipSymlink.go:126:34:126:44 | selection of Name | UnsafeUnzipSymlink.go:112:23:112:30 | fileName | Unresolved path from an archive header, which may point outside the archive root, is used in $@. | UnsafeUnzipSymlink.go:112:23:112:30 | fileName | symlink creation | edges -| UnsafeUnzipSymlink.go:111:19:111:26 | SSA def(linkName) | UnsafeUnzipSymlink.go:112:13:112:20 | linkName | provenance | Sink:MaD:1 | -| UnsafeUnzipSymlink.go:111:29:111:36 | SSA def(fileName) | UnsafeUnzipSymlink.go:112:23:112:30 | fileName | provenance | Sink:MaD:1 | -| UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname | UnsafeUnzipSymlink.go:111:19:111:26 | SSA def(linkName) | provenance | | -| UnsafeUnzipSymlink.go:126:34:126:44 | selection of Name | UnsafeUnzipSymlink.go:111:29:111:36 | SSA def(fileName) | provenance | | +| UnsafeUnzipSymlink.go:111:46:113:1 | SSA def(fileName) | UnsafeUnzipSymlink.go:112:23:112:30 | fileName | provenance | Sink:MaD:1 | +| UnsafeUnzipSymlink.go:111:46:113:1 | SSA def(linkName) | UnsafeUnzipSymlink.go:112:13:112:20 | linkName | provenance | Sink:MaD:1 | +| UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname | UnsafeUnzipSymlink.go:111:46:113:1 | SSA def(linkName) | provenance | | +| UnsafeUnzipSymlink.go:126:34:126:44 | selection of Name | UnsafeUnzipSymlink.go:111:46:113:1 | SSA def(fileName) | provenance | | models | 1 | Sink: os; ; false; Symlink; ; ; Argument[0..1]; path-injection; manual | nodes | UnsafeUnzipSymlink.go:31:15:31:29 | selection of Linkname | semmle.label | selection of Linkname | | 
UnsafeUnzipSymlink.go:31:32:31:42 | selection of Name | semmle.label | selection of Name | | UnsafeUnzipSymlink.go:43:25:43:35 | selection of Name | semmle.label | selection of Name | -| UnsafeUnzipSymlink.go:111:19:111:26 | SSA def(linkName) | semmle.label | SSA def(linkName) | -| UnsafeUnzipSymlink.go:111:29:111:36 | SSA def(fileName) | semmle.label | SSA def(fileName) | +| UnsafeUnzipSymlink.go:111:46:113:1 | SSA def(fileName) | semmle.label | SSA def(fileName) | +| UnsafeUnzipSymlink.go:111:46:113:1 | SSA def(linkName) | semmle.label | SSA def(linkName) | | UnsafeUnzipSymlink.go:112:13:112:20 | linkName | semmle.label | linkName | | UnsafeUnzipSymlink.go:112:23:112:30 | fileName | semmle.label | fileName | | UnsafeUnzipSymlink.go:126:17:126:31 | selection of Linkname | semmle.label | selection of Linkname | diff --git a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected index 510f18ca0c4..70037706cfd 100644 --- a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected 
@@ -8,6 +8,8 @@ | main.go:16:11:16:85 | call to Sprintf | main.go:16:63:16:70 | selection of Header | main.go:16:11:16:85 | call to Sprintf | This query depends on a $@. | main.go:16:63:16:70 | selection of Header | user-provided value | | main.go:35:11:35:11 | q | main.go:30:13:30:19 | selection of URL | main.go:35:11:35:11 | q | This query depends on a $@. | main.go:30:13:30:19 | selection of URL | user-provided value | | main.go:44:11:44:11 | q | main.go:40:25:40:31 | selection of URL | main.go:44:11:44:11 | q | This query depends on a $@. | main.go:40:25:40:31 | selection of URL | user-provided value | +| main.go:53:11:53:11 | q | main.go:49:28:49:34 | selection of URL | main.go:53:11:53:11 | q | This query depends on a $@. | main.go:49:28:49:34 | selection of URL | user-provided value | +| main.go:62:11:62:11 | q | main.go:58:28:58:34 | selection of URL | main.go:62:11:62:11 | q | This query depends on a $@. | main.go:58:28:58:34 | selection of URL | user-provided value | | mongoDB.go:57:22:57:29 | pipeline | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:57:22:57:29 | pipeline | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value | | mongoDB.go:61:27:61:32 | filter | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:61:27:61:32 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value | | mongoDB.go:63:23:63:28 | filter | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:63:23:63:28 | filter | This query depends on a $@. | mongoDB.go:40:20:40:30 | call to Referer | user-provided value | 
@@ -85,6 +87,28 @@ edges | main.go:43:3:43:13 | implicit-deref RequestData [Category] | main.go:43:3:43:22 | selection of Category | provenance | | | main.go:43:3:43:22 | selection of Category | main.go:42:7:43:23 | []type{args} [array] | provenance | | | main.go:43:3:43:22 | selection of Category | main.go:42:7:43:23 | call to Sprintf | provenance | FunctionModel | +| main.go:49:3:49:14 | star expression [postupdate] [Category] | main.go:49:4:49:14 | RequestData [postupdate] [pointer, Category] | provenance | | +| main.go:49:4:49:14 | RequestData [postupdate] [pointer, Category] | main.go:52:3:52:13 | RequestData [pointer, Category] | provenance | | +| main.go:49:28:49:34 | selection of URL | main.go:49:28:49:42 | call to Query | provenance | Src:MaD:21 MaD:26 | +| main.go:49:28:49:42 | call to Query | main.go:49:28:49:54 | index expression | provenance | | +| main.go:49:28:49:54 | index expression | main.go:49:3:49:14 | star expression [postupdate] [Category] | provenance | | +| main.go:51:7:52:23 | []type{args} [array] | main.go:51:7:52:23 | call to Sprintf | provenance | MaD:23 | +| main.go:51:7:52:23 | call to Sprintf | main.go:53:11:53:11 | q | provenance | Sink:MaD:1 | +| main.go:52:3:52:13 | RequestData [pointer, Category] | main.go:52:3:52:13 | implicit-deref RequestData [Category] | provenance | | +| main.go:52:3:52:13 | implicit-deref RequestData [Category] | main.go:52:3:52:22 | selection of Category | provenance | | +| main.go:52:3:52:22 | selection of Category | main.go:51:7:52:23 | []type{args} [array] | provenance | | +| main.go:52:3:52:22 | selection of Category | main.go:51:7:52:23 | call to Sprintf | provenance | FunctionModel | +| main.go:58:3:58:14 | star expression [postupdate] [Category] | main.go:58:4:58:14 | RequestData [postupdate] [pointer, Category] | provenance | | +| main.go:58:4:58:14 | RequestData [postupdate] [pointer, Category] | main.go:61:5:61:15 | RequestData [pointer, Category] | provenance | | +| main.go:58:28:58:34 | 
selection of URL | main.go:58:28:58:42 | call to Query | provenance | Src:MaD:21 MaD:26 | +| main.go:58:28:58:42 | call to Query | main.go:58:28:58:54 | index expression | provenance | | +| main.go:58:28:58:54 | index expression | main.go:58:3:58:14 | star expression [postupdate] [Category] | provenance | | +| main.go:60:7:61:26 | []type{args} [array] | main.go:60:7:61:26 | call to Sprintf | provenance | MaD:23 | +| main.go:60:7:61:26 | call to Sprintf | main.go:62:11:62:11 | q | provenance | Sink:MaD:1 | +| main.go:61:3:61:25 | selection of Category | main.go:60:7:61:26 | []type{args} [array] | provenance | | +| main.go:61:3:61:25 | selection of Category | main.go:60:7:61:26 | call to Sprintf | provenance | FunctionModel | +| main.go:61:4:61:15 | star expression [Category] | main.go:61:3:61:25 | selection of Category | provenance | | +| main.go:61:5:61:15 | RequestData [pointer, Category] | main.go:61:4:61:15 | star expression [Category] | provenance | | | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:42:28:42:41 | untrustedInput | provenance | Src:MaD:20 | | mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:50:34:50:39 | filter | provenance | | | mongoDB.go:42:28:42:41 | untrustedInput | mongoDB.go:42:19:42:42 | struct literal | provenance | Config | 
@@ -194,6 +218,28 @@ nodes | main.go:43:3:43:13 | implicit-deref RequestData [Category] | semmle.label | implicit-deref RequestData [Category] | | main.go:43:3:43:22 | selection of Category | semmle.label | selection of Category | | main.go:44:11:44:11 | q | semmle.label | q | +| main.go:49:3:49:14 | star expression [postupdate] [Category] | semmle.label | star expression [postupdate] [Category] | +| main.go:49:4:49:14 | RequestData [postupdate] [pointer, Category] | semmle.label | RequestData [postupdate] [pointer, Category] | +| main.go:49:28:49:34 | selection of URL | semmle.label | selection of URL | +| main.go:49:28:49:42 | call to Query | semmle.label | call to Query | +| main.go:49:28:49:54 | index expression | semmle.label | index expression | +| main.go:51:7:52:23 | []type{args} [array] | semmle.label | []type{args} [array] | +| main.go:51:7:52:23 | call to Sprintf | semmle.label | call to Sprintf | +| main.go:52:3:52:13 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] | +| main.go:52:3:52:13 | implicit-deref RequestData [Category] | semmle.label | implicit-deref RequestData [Category] | +| main.go:52:3:52:22 | selection of Category | semmle.label | selection of Category | +| main.go:53:11:53:11 | q | semmle.label | q | +| main.go:58:3:58:14 | star expression [postupdate] [Category] | semmle.label | star expression [postupdate] [Category] | +| main.go:58:4:58:14 | RequestData [postupdate] [pointer, Category] | semmle.label | RequestData [postupdate] [pointer, Category] | +| main.go:58:28:58:34 | selection of URL | semmle.label | selection of URL | +| main.go:58:28:58:42 | call to Query | semmle.label | call to Query | +| main.go:58:28:58:54 | index expression | semmle.label | index expression | +| main.go:60:7:61:26 | []type{args} [array] | semmle.label | []type{args} [array] | +| main.go:60:7:61:26 | call to Sprintf | semmle.label | call to Sprintf | +| main.go:61:3:61:25 | selection of Category | semmle.label | selection 
of Category | +| main.go:61:4:61:15 | star expression [Category] | semmle.label | star expression [Category] | +| main.go:61:5:61:15 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] | +| main.go:62:11:62:11 | q | semmle.label | q | | mongoDB.go:40:20:40:30 | call to Referer | semmle.label | call to Referer | | mongoDB.go:42:19:42:42 | struct literal | semmle.label | struct literal | | mongoDB.go:42:28:42:41 | untrustedInput | semmle.label | untrustedInput | @@ -214,8 +260,3 @@ nodes | mongoDB.go:80:22:80:27 | filter | semmle.label | filter | | mongoDB.go:81:18:81:25 | pipeline | semmle.label | pipeline | subpaths -testFailures -| main.go:49:56:49:84 | comment | Missing result: Source[go/sql-injection] | -| main.go:53:14:53:41 | comment | Missing result: Alert[go/sql-injection] | -| main.go:58:56:58:84 | comment | Missing result: Source[go/sql-injection] | -| main.go:62:14:62:41 | comment | Missing result: Alert[go/sql-injection] | diff --git a/go/ql/test/query-tests/Security/CWE-190/AllocationSizeOverflow.expected b/go/ql/test/query-tests/Security/CWE-190/AllocationSizeOverflow.expected index ec1835a6f8a..f21d5dd184b 100644 --- a/go/ql/test/query-tests/Security/CWE-190/AllocationSizeOverflow.expected +++ b/go/ql/test/query-tests/Security/CWE-190/AllocationSizeOverflow.expected 
@@ -1,22 +1,22 @@ #select -| AllocationSizeOverflow.go:10:10:10:22 | call to len | AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] | AllocationSizeOverflow.go:10:10:10:22 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | AllocationSizeOverflow.go:11:25:11:28 | size | allocation | AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] | potentially large value | -| tst2.go:10:22:10:30 | call to len | tst2.go:9:2:9:37 | ... := ...[0] | tst2.go:10:22:10:30 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst2.go:10:22:10:32 | ...+... | allocation | tst2.go:9:2:9:37 | ... := ...[0] | potentially large value | -| tst2.go:15:22:15:30 | call to len | tst2.go:14:2:14:29 | ... := ...[0] | tst2.go:15:22:15:30 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst2.go:15:22:15:32 | ...+... | allocation | tst2.go:14:2:14:29 | ... := ...[0] | potentially large value | -| tst3.go:7:22:7:34 | call to len | tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:7:22:7:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst3.go:7:22:7:36 | ...+... | allocation | tst3.go:6:2:6:31 | ... := ...[0] | potentially large value | -| tst3.go:24:16:24:28 | call to len | tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:24:16:24:28 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst3.go:27:24:27:32 | newlength | allocation | tst3.go:6:2:6:31 | ... := ...[0] | potentially large value | -| tst3.go:32:16:32:28 | call to len | tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:32:16:32:28 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst3.go:36:23:36:31 | newlength | allocation | tst3.go:6:2:6:31 | ... := ...[0] | potentially large value | -| tst.go:15:22:15:34 | call to len | tst.go:14:2:14:30 | ... 
= ...[0] | tst.go:15:22:15:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:15:22:15:36 | ...+... | allocation | tst.go:14:2:14:30 | ... = ...[0] | potentially large value | -| tst.go:21:22:21:34 | call to len | tst.go:20:2:20:31 | ... = ...[0] | tst.go:21:22:21:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:21:22:21:36 | ...+... | allocation | tst.go:20:2:20:31 | ... = ...[0] | potentially large value | -| tst.go:27:26:27:38 | call to len | tst.go:26:2:26:31 | ... = ...[0] | tst.go:27:26:27:38 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:27:26:27:40 | ...+... | allocation | tst.go:26:2:26:31 | ... = ...[0] | potentially large value | -| tst.go:35:22:35:34 | call to len | tst.go:34:2:34:30 | ... = ...[0] | tst.go:35:22:35:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:35:22:35:36 | ...+... | allocation | tst.go:34:2:34:30 | ... = ...[0] | potentially large value | +| AllocationSizeOverflow.go:10:10:10:22 | call to len | AllocationSizeOverflow.go:6:2:6:33 | extract:0 ... := ... | AllocationSizeOverflow.go:10:10:10:22 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | AllocationSizeOverflow.go:11:25:11:28 | size | allocation | AllocationSizeOverflow.go:6:2:6:33 | extract:0 ... := ... | potentially large value | +| tst2.go:10:22:10:30 | call to len | tst2.go:9:2:9:37 | extract:0 ... := ... | tst2.go:10:22:10:30 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst2.go:10:22:10:32 | ...+... | allocation | tst2.go:9:2:9:37 | extract:0 ... := ... | potentially large value | +| tst2.go:15:22:15:30 | call to len | tst2.go:14:2:14:29 | extract:0 ... := ... | tst2.go:15:22:15:30 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. 
| tst2.go:15:22:15:32 | ...+... | allocation | tst2.go:14:2:14:29 | extract:0 ... := ... | potentially large value | +| tst3.go:7:22:7:34 | call to len | tst3.go:6:2:6:31 | extract:0 ... := ... | tst3.go:7:22:7:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst3.go:7:22:7:36 | ...+... | allocation | tst3.go:6:2:6:31 | extract:0 ... := ... | potentially large value | +| tst3.go:24:16:24:28 | call to len | tst3.go:6:2:6:31 | extract:0 ... := ... | tst3.go:24:16:24:28 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst3.go:27:24:27:32 | newlength | allocation | tst3.go:6:2:6:31 | extract:0 ... := ... | potentially large value | +| tst3.go:32:16:32:28 | call to len | tst3.go:6:2:6:31 | extract:0 ... := ... | tst3.go:32:16:32:28 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst3.go:36:23:36:31 | newlength | allocation | tst3.go:6:2:6:31 | extract:0 ... := ... | potentially large value | +| tst.go:15:22:15:34 | call to len | tst.go:14:2:14:30 | extract:0 ... = ... | tst.go:15:22:15:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:15:22:15:36 | ...+... | allocation | tst.go:14:2:14:30 | extract:0 ... = ... | potentially large value | +| tst.go:21:22:21:34 | call to len | tst.go:20:2:20:31 | extract:0 ... = ... | tst.go:21:22:21:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:21:22:21:36 | ...+... | allocation | tst.go:20:2:20:31 | extract:0 ... = ... | potentially large value | +| tst.go:27:26:27:38 | call to len | tst.go:26:2:26:31 | extract:0 ... = ... | tst.go:27:26:27:38 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:27:26:27:40 | ...+... | allocation | tst.go:26:2:26:31 | extract:0 ... = ... 
| potentially large value | +| tst.go:35:22:35:34 | call to len | tst.go:34:2:34:30 | extract:0 ... = ... | tst.go:35:22:35:34 | call to len | This operation, which is used in an $@, involves a $@ and might overflow. | tst.go:35:22:35:36 | ...+... | allocation | tst.go:34:2:34:30 | extract:0 ... = ... | potentially large value | edges -| AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] | AllocationSizeOverflow.go:10:14:10:21 | jsonData | provenance | | +| AllocationSizeOverflow.go:6:2:6:33 | extract:0 ... := ... | AllocationSizeOverflow.go:10:14:10:21 | jsonData | provenance | | | AllocationSizeOverflow.go:10:14:10:21 | jsonData | AllocationSizeOverflow.go:10:10:10:22 | call to len | provenance | Config | -| tst2.go:9:2:9:37 | ... := ...[0] | tst2.go:10:26:10:29 | data | provenance | Src:MaD:1 | +| tst2.go:9:2:9:37 | extract:0 ... := ... | tst2.go:10:26:10:29 | data | provenance | Src:MaD:1 | | tst2.go:10:26:10:29 | data | tst2.go:10:22:10:30 | call to len | provenance | Config | -| tst2.go:14:2:14:29 | ... := ...[0] | tst2.go:15:26:15:29 | data | provenance | | +| tst2.go:14:2:14:29 | extract:0 ... := ... | tst2.go:15:26:15:29 | data | provenance | | | tst2.go:15:26:15:29 | data | tst2.go:15:22:15:30 | call to len | provenance | Config | -| tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:7:26:7:33 | jsonData | provenance | | +| tst3.go:6:2:6:31 | extract:0 ... := ... | tst3.go:7:26:7:33 | jsonData | provenance | | | tst3.go:7:26:7:33 | jsonData | tst3.go:7:22:7:34 | call to len | provenance | Config | | tst3.go:7:26:7:33 | jsonData | tst3.go:9:32:9:39 | jsonData | provenance | | | tst3.go:9:32:9:39 | jsonData | tst3.go:11:9:11:16 | jsonData | provenance | | 
@@ -25,27 +25,27 @@ edges | tst3.go:24:20:24:27 | jsonData | tst3.go:24:16:24:28 | call to len | provenance | Config | | tst3.go:24:20:24:27 | jsonData | tst3.go:32:20:32:27 | jsonData | provenance | | | tst3.go:32:20:32:27 | jsonData | tst3.go:32:16:32:28 | call to len | provenance | Config | -| tst.go:14:2:14:30 | ... = ...[0] | tst.go:15:26:15:33 | jsonData | provenance | | +| tst.go:14:2:14:30 | extract:0 ... = ... | tst.go:15:26:15:33 | jsonData | provenance | | | tst.go:15:26:15:33 | jsonData | tst.go:15:22:15:34 | call to len | provenance | Config | -| tst.go:20:2:20:31 | ... = ...[0] | tst.go:21:26:21:33 | jsonData | provenance | | +| tst.go:20:2:20:31 | extract:0 ... = ... | tst.go:21:26:21:33 | jsonData | provenance | | | tst.go:21:26:21:33 | jsonData | tst.go:21:22:21:34 | call to len | provenance | Config | -| tst.go:26:2:26:31 | ... = ...[0] | tst.go:27:30:27:37 | jsonData | provenance | | +| tst.go:26:2:26:31 | extract:0 ... = ... | tst.go:27:30:27:37 | jsonData | provenance | | | tst.go:27:30:27:37 | jsonData | tst.go:27:26:27:38 | call to len | provenance | Config | -| tst.go:34:2:34:30 | ... = ...[0] | tst.go:35:26:35:33 | jsonData | provenance | | +| tst.go:34:2:34:30 | extract:0 ... = ... | tst.go:35:26:35:33 | jsonData | provenance | | | tst.go:35:26:35:33 | jsonData | tst.go:35:22:35:34 | call to len | provenance | Config | models | 1 | Source: io/ioutil; ; false; ReadFile; ; ; ReturnValue[0]; file; manual | nodes -| AllocationSizeOverflow.go:6:2:6:33 | ... := ...[0] | semmle.label | ... := ...[0] | +| AllocationSizeOverflow.go:6:2:6:33 | extract:0 ... := ... | semmle.label | extract:0 ... := ... | | AllocationSizeOverflow.go:10:10:10:22 | call to len | semmle.label | call to len | | AllocationSizeOverflow.go:10:14:10:21 | jsonData | semmle.label | jsonData | -| tst2.go:9:2:9:37 | ... := ...[0] | semmle.label | ... := ...[0] | +| tst2.go:9:2:9:37 | extract:0 ... := ... | semmle.label | extract:0 ... := ... 
| | tst2.go:10:22:10:30 | call to len | semmle.label | call to len | | tst2.go:10:26:10:29 | data | semmle.label | data | -| tst2.go:14:2:14:29 | ... := ...[0] | semmle.label | ... := ...[0] | +| tst2.go:14:2:14:29 | extract:0 ... := ... | semmle.label | extract:0 ... := ... | | tst2.go:15:22:15:30 | call to len | semmle.label | call to len | | tst2.go:15:26:15:29 | data | semmle.label | data | -| tst3.go:6:2:6:31 | ... := ...[0] | semmle.label | ... := ...[0] | +| tst3.go:6:2:6:31 | extract:0 ... := ... | semmle.label | extract:0 ... := ... | | tst3.go:7:22:7:34 | call to len | semmle.label | call to len | | tst3.go:7:26:7:33 | jsonData | semmle.label | jsonData | | tst3.go:9:32:9:39 | jsonData | semmle.label | jsonData | 
@@ -55,16 +55,16 @@ nodes | tst3.go:24:20:24:27 | jsonData | semmle.label | jsonData | | tst3.go:32:16:32:28 | call to len | semmle.label | call to len | | tst3.go:32:20:32:27 | jsonData | semmle.label | jsonData | -| tst.go:14:2:14:30 | ... = ...[0] | semmle.label | ... = ...[0] | +| tst.go:14:2:14:30 | extract:0 ... = ... | semmle.label | extract:0 ... = ... | | tst.go:15:22:15:34 | call to len | semmle.label | call to len | | tst.go:15:26:15:33 | jsonData | semmle.label | jsonData | -| tst.go:20:2:20:31 | ... = ...[0] | semmle.label | ... = ...[0] | +| tst.go:20:2:20:31 | extract:0 ... = ... | semmle.label | extract:0 ... = ... | | tst.go:21:22:21:34 | call to len | semmle.label | call to len | | tst.go:21:26:21:33 | jsonData | semmle.label | jsonData | -| tst.go:26:2:26:31 | ... = ...[0] | semmle.label | ... = ...[0] | +| tst.go:26:2:26:31 | extract:0 ... = ... | semmle.label | extract:0 ... = ... | | tst.go:27:26:27:38 | call to len | semmle.label | call to len | | tst.go:27:30:27:37 | jsonData | semmle.label | jsonData | -| tst.go:34:2:34:30 | ... = ...[0] | semmle.label | ... = ...[0] | +| tst.go:34:2:34:30 | extract:0 ... = ... | semmle.label | extract:0 ... = ... | | tst.go:35:22:35:34 | call to len | semmle.label | call to len | | tst.go:35:26:35:33 | jsonData | semmle.label | jsonData | subpaths diff --git a/go/ql/test/query-tests/Security/CWE-295/DisabledCertificateCheck/DisabledCertificateCheck.expected b/go/ql/test/query-tests/Security/CWE-295/DisabledCertificateCheck/DisabledCertificateCheck.expected index 6e7de24be8e..fc99e821181 100644 --- a/go/ql/test/query-tests/Security/CWE-295/DisabledCertificateCheck/DisabledCertificateCheck.expected +++ b/go/ql/test/query-tests/Security/CWE-295/DisabledCertificateCheck/DisabledCertificateCheck.expected 
@@ -1,4 +1,4 @@ -| DisabledCertificateCheck.go:10:32:10:55 | init of key-value pair | InsecureSkipVerify should not be used in production code. | -| main.go:9:2:9:23 | assignment to field InsecureSkipVerify | InsecureSkipVerify should not be used in production code. | -| main.go:57:21:57:44 | init of key-value pair | InsecureSkipVerify should not be used in production code. | -| main.go:62:32:62:55 | init of key-value pair | InsecureSkipVerify should not be used in production code. | +| DisabledCertificateCheck.go:10:32:10:55 | lit-init key-value pair | InsecureSkipVerify should not be used in production code. | +| main.go:9:2:9:30 | assign:0 ... = ... | InsecureSkipVerify should not be used in production code. | +| main.go:57:21:57:44 | lit-init key-value pair | InsecureSkipVerify should not be used in production code. | +| main.go:62:32:62:55 | lit-init key-value pair | InsecureSkipVerify should not be used in production code. | diff --git a/go/ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallback.expected b/go/ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallback.expected index 0f0bc8bf259..a4876c05b0e 100644 --- a/go/ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallback.expected +++ b/go/ql/test/query-tests/Security/CWE-322/InsecureHostKeyCallback.expected 
@@ -8,18 +8,18 @@ edges | InsecureHostKeyCallbackExample.go:31:14:34:4 | type conversion | InsecureHostKeyCallbackExample.go:39:20:39:27 | callback | provenance | | | InsecureHostKeyCallbackExample.go:32:3:34:3 | function literal | InsecureHostKeyCallbackExample.go:31:14:34:4 | type conversion | provenance | | | InsecureHostKeyCallbackExample.go:45:3:47:3 | function literal | InsecureHostKeyCallbackExample.go:52:20:52:48 | type conversion | provenance | | -| InsecureHostKeyCallbackExample.go:58:39:58:46 | SSA def(callback) | InsecureHostKeyCallbackExample.go:62:20:62:27 | callback | provenance | | -| InsecureHostKeyCallbackExample.go:68:48:68:55 | SSA def(callback) | InsecureHostKeyCallbackExample.go:78:28:78:35 | callback | provenance | | -| InsecureHostKeyCallbackExample.go:94:3:94:43 | ... := ...[0] | InsecureHostKeyCallbackExample.go:95:28:95:35 | callback | provenance | | +| InsecureHostKeyCallbackExample.go:58:69:64:1 | SSA def(callback) | InsecureHostKeyCallbackExample.go:62:20:62:27 | callback | provenance | | +| InsecureHostKeyCallbackExample.go:68:78:80:1 | SSA def(callback) | InsecureHostKeyCallbackExample.go:78:28:78:35 | callback | provenance | | +| InsecureHostKeyCallbackExample.go:94:3:94:43 | extract:0 ... := ... 
| InsecureHostKeyCallbackExample.go:95:28:95:35 | callback | provenance | | | InsecureHostKeyCallbackExample.go:102:22:105:4 | type conversion | InsecureHostKeyCallbackExample.go:107:35:107:50 | insecureCallback | provenance | | | InsecureHostKeyCallbackExample.go:103:3:105:3 | function literal | InsecureHostKeyCallbackExample.go:102:22:105:4 | type conversion | provenance | | -| InsecureHostKeyCallbackExample.go:107:35:107:50 | insecureCallback | InsecureHostKeyCallbackExample.go:58:39:58:46 | SSA def(callback) | provenance | | +| InsecureHostKeyCallbackExample.go:107:35:107:50 | insecureCallback | InsecureHostKeyCallbackExample.go:58:69:64:1 | SSA def(callback) | provenance | | | InsecureHostKeyCallbackExample.go:109:31:115:4 | type conversion | InsecureHostKeyCallbackExample.go:117:35:117:59 | potentiallySecureCallback | provenance | | | InsecureHostKeyCallbackExample.go:109:31:115:4 | type conversion | InsecureHostKeyCallbackExample.go:120:44:120:68 | potentiallySecureCallback | provenance | | | InsecureHostKeyCallbackExample.go:110:3:115:3 | function literal | InsecureHostKeyCallbackExample.go:109:31:115:4 | type conversion | provenance | | -| InsecureHostKeyCallbackExample.go:117:35:117:59 | potentiallySecureCallback | InsecureHostKeyCallbackExample.go:58:39:58:46 | SSA def(callback) | provenance | | -| InsecureHostKeyCallbackExample.go:118:35:118:61 | call to InsecureIgnoreHostKey | InsecureHostKeyCallbackExample.go:58:39:58:46 | SSA def(callback) | provenance | | -| InsecureHostKeyCallbackExample.go:120:44:120:68 | potentiallySecureCallback | InsecureHostKeyCallbackExample.go:68:48:68:55 | SSA def(callback) | provenance | | +| InsecureHostKeyCallbackExample.go:117:35:117:59 | potentiallySecureCallback | InsecureHostKeyCallbackExample.go:58:69:64:1 | SSA def(callback) | provenance | | +| InsecureHostKeyCallbackExample.go:118:35:118:61 | call to InsecureIgnoreHostKey | InsecureHostKeyCallbackExample.go:58:69:64:1 | SSA def(callback) | provenance | | +| 
InsecureHostKeyCallbackExample.go:120:44:120:68 | potentiallySecureCallback | InsecureHostKeyCallbackExample.go:68:78:80:1 | SSA def(callback) | provenance | | nodes | InsecureHostKeyCallbackExample.go:15:20:18:5 | type conversion | semmle.label | type conversion | | InsecureHostKeyCallbackExample.go:16:4:18:4 | function literal | semmle.label | function literal | 
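Review bot: The `SSA def(callback)` node for a function parameter now carries the location of the whole function body (`58:69:64:1`, `68:78:80:1`) instead of the parameter name (`58:39:58:46`, `68:48:68:55`), so a path step that used to highlight the `callback` parameter now highlights a multi-line block. The same relocation appears as `arg:0 block statement` in the BadRedirectCheck hunk further down, where it also breaks the inline expectation comments. If the parameter node is now represented through the function's block statement, it would be worth giving that node the parameter identifier's location so path explanations stay precise; if the wider span is intended, the changed alert locations deserve a mention in the change note.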
@@ -29,13 +29,13 @@ nodes | InsecureHostKeyCallbackExample.go:39:20:39:27 | callback | semmle.label | callback | | InsecureHostKeyCallbackExample.go:45:3:47:3 | function literal | semmle.label | function literal | | InsecureHostKeyCallbackExample.go:52:20:52:48 | type conversion | semmle.label | type conversion | -| InsecureHostKeyCallbackExample.go:58:39:58:46 | SSA def(callback) | semmle.label | SSA def(callback) | +| InsecureHostKeyCallbackExample.go:58:69:64:1 | SSA def(callback) | semmle.label | SSA def(callback) | | InsecureHostKeyCallbackExample.go:62:20:62:27 | callback | semmle.label | callback | -| InsecureHostKeyCallbackExample.go:68:48:68:55 | SSA def(callback) | semmle.label | SSA def(callback) | +| InsecureHostKeyCallbackExample.go:68:78:80:1 | SSA def(callback) | semmle.label | SSA def(callback) | | InsecureHostKeyCallbackExample.go:76:28:76:54 | call to InsecureIgnoreHostKey | semmle.label | call to InsecureIgnoreHostKey | | InsecureHostKeyCallbackExample.go:78:28:78:35 | callback | semmle.label | callback | | InsecureHostKeyCallbackExample.go:92:28:92:54 | call to InsecureIgnoreHostKey | semmle.label | call to InsecureIgnoreHostKey | -| InsecureHostKeyCallbackExample.go:94:3:94:43 | ... := ...[0] | semmle.label | ... := ...[0] | +| InsecureHostKeyCallbackExample.go:94:3:94:43 | extract:0 ... := ... | semmle.label | extract:0 ... := ... | | InsecureHostKeyCallbackExample.go:95:28:95:35 | callback | semmle.label | callback | | InsecureHostKeyCallbackExample.go:102:22:105:4 | type conversion | semmle.label | type conversion | | InsecureHostKeyCallbackExample.go:103:3:105:3 | function literal | semmle.label | function literal | diff --git a/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected b/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected index 9135bafbf54..89f9701dce6 100644 --- a/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected 
+++ b/go/ql/test/query-tests/Security/CWE-601/BadRedirectCheck/BadRedirectCheck.expected 
@@ -1,63 +1,76 @@ #select -| BadRedirectCheck.go:4:23:4:37 | ...==... | BadRedirectCheck.go:3:18:3:22 | argument corresponding to redir | main.go:11:25:11:45 | call to sanitizeUrl | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | BadRedirectCheck.go:3:18:3:22 | argument corresponding to redir | this value | main.go:11:25:11:45 | call to sanitizeUrl | redirect | -| BadRedirectCheck.go:4:23:4:37 | ...==... | main.go:10:18:10:25 | argument corresponding to redirect | main.go:11:25:11:45 | call to sanitizeUrl | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:10:18:10:25 | argument corresponding to redirect | this value | main.go:11:25:11:45 | call to sanitizeUrl | redirect | -| cves.go:11:26:11:38 | ...==... | cves.go:14:23:14:25 | argument corresponding to url | cves.go:16:26:16:28 | url | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | cves.go:14:23:14:25 | argument corresponding to url | this value | cves.go:16:26:16:28 | url | redirect | +| BadRedirectCheck.go:4:23:4:37 | ...==... | BadRedirectCheck.go:3:39:8:1 | arg:0 block statement | main.go:11:25:11:45 | call to sanitizeUrl | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | BadRedirectCheck.go:3:39:8:1 | arg:0 block statement | this value | main.go:11:25:11:45 | call to sanitizeUrl | redirect | +| BadRedirectCheck.go:4:23:4:37 | ...==... | main.go:10:78:12:1 | arg:0 block statement | main.go:11:25:11:45 | call to sanitizeUrl | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. 
| main.go:10:78:12:1 | arg:0 block statement | this value | main.go:11:25:11:45 | call to sanitizeUrl | redirect | +| cves.go:11:26:11:38 | ...==... | cves.go:14:78:18:1 | arg:0 block statement | cves.go:16:26:16:28 | url | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | cves.go:14:78:18:1 | arg:0 block statement | this value | cves.go:16:26:16:28 | url | redirect | | cves.go:34:6:34:37 | call to HasPrefix | cves.go:33:14:33:34 | call to Get | cves.go:37:25:37:32 | redirect | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | cves.go:33:14:33:34 | call to Get | this value | cves.go:37:25:37:32 | redirect | redirect | | cves.go:42:6:42:37 | call to HasPrefix | cves.go:41:14:41:34 | call to Get | cves.go:45:25:45:32 | redirect | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | cves.go:41:14:41:34 | call to Get | this value | cves.go:45:25:45:32 | redirect | redirect | -| main.go:25:7:25:38 | call to HasPrefix | main.go:32:24:32:26 | argument corresponding to url | main.go:34:26:34:28 | url | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:32:24:32:26 | argument corresponding to url | this value | main.go:34:26:34:28 | url | redirect | -| main.go:69:5:69:22 | ...!=... | main.go:68:17:68:24 | argument corresponding to redirect | main.go:77:25:77:39 | call to getTarget1 | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:68:17:68:24 | argument corresponding to redirect | this value | main.go:77:25:77:39 | call to getTarget1 | redirect | -| main.go:69:5:69:22 | ...!=... 
| main.go:76:19:76:21 | argument corresponding to url | main.go:77:25:77:39 | call to getTarget1 | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:76:19:76:21 | argument corresponding to url | this value | main.go:77:25:77:39 | call to getTarget1 | redirect | +| main.go:25:7:25:38 | call to HasPrefix | main.go:32:79:36:1 | arg:0 block statement | main.go:34:26:34:28 | url | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:32:79:36:1 | arg:0 block statement | this value | main.go:34:26:34:28 | url | redirect | +| main.go:69:5:69:22 | ...!=... | main.go:68:41:74:1 | arg:0 block statement | main.go:77:25:77:39 | call to getTarget1 | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:68:41:74:1 | arg:0 block statement | this value | main.go:77:25:77:39 | call to getTarget1 | redirect | +| main.go:69:5:69:22 | ...!=... | main.go:76:74:78:1 | arg:0 block statement | main.go:77:25:77:39 | call to getTarget1 | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. | main.go:76:74:78:1 | arg:0 block statement | this value | main.go:77:25:77:39 | call to getTarget1 | redirect | | main.go:83:5:83:20 | ...!=... | main.go:87:9:87:14 | selection of Path | main.go:91:25:91:39 | call to getTarget2 | This is a check that $@, which flows into a $@, has a leading slash, but not that it does not have '/' or '\\' in its second position. 
| main.go:87:9:87:14 | selection of Path | this value | main.go:91:25:91:39 | call to getTarget2 | redirect | edges -| BadRedirectCheck.go:3:18:3:22 | SSA def(redir) | BadRedirectCheck.go:5:10:5:14 | redir | provenance | | -| BadRedirectCheck.go:3:18:3:22 | argument corresponding to redir | BadRedirectCheck.go:5:10:5:14 | redir | provenance | | +| BadRedirectCheck.go:3:39:8:1 | SSA def(redir) | BadRedirectCheck.go:5:10:5:14 | redir | provenance | | +| BadRedirectCheck.go:3:39:8:1 | arg:0 block statement | BadRedirectCheck.go:5:10:5:14 | redir | provenance | | | BadRedirectCheck.go:5:10:5:14 | redir | main.go:11:25:11:45 | call to sanitizeUrl | provenance | Sink:MaD:1 | -| cves.go:14:23:14:25 | argument corresponding to url | cves.go:16:26:16:28 | url | provenance | Sink:MaD:1 | +| cves.go:14:78:18:1 | arg:0 block statement | cves.go:16:26:16:28 | url | provenance | Sink:MaD:1 | | cves.go:33:14:33:34 | call to Get | cves.go:37:25:37:32 | redirect | provenance | Sink:MaD:1 | | cves.go:41:14:41:34 | call to Get | cves.go:45:25:45:32 | redirect | provenance | Sink:MaD:1 | -| main.go:10:18:10:25 | argument corresponding to redirect | main.go:11:37:11:44 | redirect | provenance | | -| main.go:11:37:11:44 | redirect | BadRedirectCheck.go:3:18:3:22 | SSA def(redir) | provenance | | +| main.go:10:78:12:1 | arg:0 block statement | main.go:11:37:11:44 | redirect | provenance | | +| main.go:11:37:11:44 | redirect | BadRedirectCheck.go:3:39:8:1 | SSA def(redir) | provenance | | | main.go:11:37:11:44 | redirect | main.go:11:25:11:45 | call to sanitizeUrl | provenance | Sink:MaD:1 | -| main.go:32:24:32:26 | argument corresponding to url | main.go:34:26:34:28 | url | provenance | Sink:MaD:1 | -| main.go:68:17:68:24 | SSA def(redirect) | main.go:73:20:73:27 | redirect | provenance | | -| main.go:68:17:68:24 | argument corresponding to redirect | main.go:73:20:73:27 | redirect | provenance | | +| main.go:32:79:36:1 | arg:0 block statement | main.go:34:26:34:28 | url | provenance | 
Sink:MaD:1 | +| main.go:68:41:74:1 | SSA def(redirect) | main.go:73:20:73:27 | redirect | provenance | | +| main.go:68:41:74:1 | arg:0 block statement | main.go:73:20:73:27 | redirect | provenance | | | main.go:73:9:73:28 | call to Clean | main.go:77:25:77:39 | call to getTarget1 | provenance | Sink:MaD:1 | | main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | MaD:2 | | main.go:73:20:73:27 | redirect | main.go:73:9:73:28 | call to Clean | provenance | MaD:2 | -| main.go:76:19:76:21 | argument corresponding to url | main.go:77:36:77:38 | url | provenance | | -| main.go:77:36:77:38 | url | main.go:68:17:68:24 | SSA def(redirect) | provenance | | +| main.go:76:74:78:1 | arg:0 block statement | main.go:77:36:77:38 | url | provenance | | +| main.go:77:36:77:38 | url | main.go:68:41:74:1 | SSA def(redirect) | provenance | | | main.go:77:36:77:38 | url | main.go:77:25:77:39 | call to getTarget1 | provenance | MaD:2 Sink:MaD:1 | | main.go:87:9:87:14 | selection of Path | main.go:91:25:91:39 | call to getTarget2 | provenance | Sink:MaD:1 | models | 1 | Sink: net/http; ; false; Redirect; ; ; Argument[2]; url-redirection[0]; manual | | 2 | Summary: path; ; false; Clean; ; ; Argument[0]; ReturnValue; taint; manual | nodes -| BadRedirectCheck.go:3:18:3:22 | SSA def(redir) | semmle.label | SSA def(redir) | -| BadRedirectCheck.go:3:18:3:22 | argument corresponding to redir | semmle.label | argument corresponding to redir | +| BadRedirectCheck.go:3:39:8:1 | SSA def(redir) | semmle.label | SSA def(redir) | +| BadRedirectCheck.go:3:39:8:1 | arg:0 block statement | semmle.label | arg:0 block statement | | BadRedirectCheck.go:5:10:5:14 | redir | semmle.label | redir | | BadRedirectCheck.go:5:10:5:14 | redir | semmle.label | redir | -| cves.go:14:23:14:25 | argument corresponding to url | semmle.label | argument corresponding to url | +| cves.go:14:78:18:1 | arg:0 block statement | semmle.label | arg:0 block statement | | cves.go:16:26:16:28 | url | 
semmle.label | url | | cves.go:33:14:33:34 | call to Get | semmle.label | call to Get | | cves.go:37:25:37:32 | redirect | semmle.label | redirect | | cves.go:41:14:41:34 | call to Get | semmle.label | call to Get | | cves.go:45:25:45:32 | redirect | semmle.label | redirect | -| main.go:10:18:10:25 | argument corresponding to redirect | semmle.label | argument corresponding to redirect | +| main.go:10:78:12:1 | arg:0 block statement | semmle.label | arg:0 block statement | | main.go:11:25:11:45 | call to sanitizeUrl | semmle.label | call to sanitizeUrl | | main.go:11:37:11:44 | redirect | semmle.label | redirect | -| main.go:32:24:32:26 | argument corresponding to url | semmle.label | argument corresponding to url | +| main.go:32:79:36:1 | arg:0 block statement | semmle.label | arg:0 block statement | | main.go:34:26:34:28 | url | semmle.label | url | -| main.go:68:17:68:24 | SSA def(redirect) | semmle.label | SSA def(redirect) | -| main.go:68:17:68:24 | argument corresponding to redirect | semmle.label | argument corresponding to redirect | +| main.go:68:41:74:1 | SSA def(redirect) | semmle.label | SSA def(redirect) | +| main.go:68:41:74:1 | arg:0 block statement | semmle.label | arg:0 block statement | | main.go:73:9:73:28 | call to Clean | semmle.label | call to Clean | | main.go:73:9:73:28 | call to Clean | semmle.label | call to Clean | | main.go:73:20:73:27 | redirect | semmle.label | redirect | | main.go:73:20:73:27 | redirect | semmle.label | redirect | -| main.go:76:19:76:21 | argument corresponding to url | semmle.label | argument corresponding to url | +| main.go:76:74:78:1 | arg:0 block statement | semmle.label | arg:0 block statement | | main.go:77:25:77:39 | call to getTarget1 | semmle.label | call to getTarget1 | | main.go:77:36:77:38 | url | semmle.label | url | | main.go:87:9:87:14 | selection of Path | semmle.label | selection of Path | | main.go:91:25:91:39 | call to getTarget2 | semmle.label | call to getTarget2 | subpaths -| main.go:11:37:11:44 
| redirect | BadRedirectCheck.go:3:18:3:22 | SSA def(redir) | BadRedirectCheck.go:5:10:5:14 | redir | main.go:11:25:11:45 | call to sanitizeUrl | -| main.go:77:36:77:38 | url | main.go:68:17:68:24 | SSA def(redirect) | main.go:73:9:73:28 | call to Clean | main.go:77:25:77:39 | call to getTarget1 | +| main.go:11:37:11:44 | redirect | BadRedirectCheck.go:3:39:8:1 | SSA def(redir) | BadRedirectCheck.go:5:10:5:14 | redir | main.go:11:25:11:45 | call to sanitizeUrl | +| main.go:77:36:77:38 | url | main.go:68:41:74:1 | SSA def(redirect) | main.go:73:9:73:28 | call to Clean | main.go:77:25:77:39 | call to getTarget1 | +testFailures +| BadRedirectCheck.go:3:39:8:1 | arg:0 block statement | Unexpected result: Source | +| BadRedirectCheck.go:3:41:3:51 | comment | Missing result: Source | +| cves.go:14:78:18:1 | arg:0 block statement | Unexpected result: Source | +| cves.go:14:80:14:90 | comment | Missing result: Source | +| main.go:10:78:12:1 | arg:0 block statement | Unexpected result: Source | +| main.go:10:80:10:90 | comment | Missing result: Source | +| main.go:32:79:36:1 | arg:0 block statement | Unexpected result: Source | +| main.go:32:81:32:91 | comment | Missing result: Source | +| main.go:68:41:74:1 | arg:0 block statement | Unexpected result: Source | +| main.go:68:43:68:53 | comment | Missing result: Source | +| main.go:76:74:78:1 | arg:0 block statement | Unexpected result: Source | +| main.go:76:76:76:86 | comment | Missing result: Source | diff --git a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected index d9f24369ca2..650341884f1 100644 --- a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected +++ b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected 
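Review bot: The new `testFailures` section at the end of this hunk checks twelve `Unexpected result` / `Missing result` rows into the expected output, which turns a real mismatch into an accepted baseline: the test will keep passing even though the `Source` annotations in the test sources no longer line up with what the query reports. The rows show the cause, the source is now reported at the `arg:0 block statement` spanning the whole function (for example `3:39:8:1`) while the expectation comment sits on the signature line (`3:41:3:51`). Either the expectation comments should be updated so this section is empty, or the parameter node should keep its original location, before this lands; a committed failure list will also mask any later regression in the same query.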
@@ -30,16 +30,16 @@ edges | stdlib.go:71:23:71:37 | ...+... | stdlib.go:71:23:71:40 | ...+... | provenance | Config Sink:MaD:1 | | stdlib.go:93:13:93:18 | selection of Form | stdlib.go:93:13:93:32 | call to Get | provenance | Src:MaD:2 Config | | stdlib.go:93:13:93:32 | call to Get | stdlib.go:94:3:94:8 | target | provenance | | -| stdlib.go:94:3:94:8 | target | stdlib.go:94:3:94:25 | ... += ... | provenance | Config | -| stdlib.go:94:3:94:25 | ... += ... | stdlib.go:96:23:96:28 | target | provenance | Sink:MaD:1 | -| stdlib.go:116:4:116:4 | implicit dereference [postupdate] [URL] | stdlib.go:116:4:116:4 | r [postupdate] [pointer, URL] | provenance | | +| stdlib.go:94:3:94:8 | target | stdlib.go:94:3:94:25 | compound-rhs ... += ... | provenance | Config | +| stdlib.go:94:3:94:25 | compound-rhs ... += ... | stdlib.go:96:23:96:28 | target | provenance | Sink:MaD:1 | +| stdlib.go:116:4:116:4 | implicit-deref r [postupdate] [URL] | stdlib.go:116:4:116:4 | r [postupdate] [pointer, URL] | provenance | | | stdlib.go:116:4:116:4 | r [postupdate] [pointer, URL] | stdlib.go:117:24:117:24 | r [pointer, URL] | provenance | | -| stdlib.go:116:4:116:8 | implicit dereference | stdlib.go:116:4:116:8 | selection of URL [postupdate] | provenance | Config | -| stdlib.go:116:4:116:8 | selection of URL | stdlib.go:116:4:116:8 | implicit dereference | provenance | Src:MaD:4 Config | -| stdlib.go:116:4:116:8 | selection of URL [postupdate] | stdlib.go:116:4:116:4 | implicit dereference [postupdate] [URL] | provenance | | -| stdlib.go:116:4:116:8 | selection of URL [postupdate] | stdlib.go:116:4:116:8 | implicit dereference | provenance | Config | -| stdlib.go:117:24:117:24 | implicit dereference [URL] | stdlib.go:117:24:117:28 | selection of URL | provenance | | -| stdlib.go:117:24:117:24 | r [pointer, URL] | stdlib.go:117:24:117:24 | implicit dereference [URL] | provenance | | +| stdlib.go:116:4:116:8 | implicit-deref selection of URL | stdlib.go:116:4:116:8 | selection of URL 
[postupdate] | provenance | Config | +| stdlib.go:116:4:116:8 | selection of URL | stdlib.go:116:4:116:8 | implicit-deref selection of URL | provenance | Src:MaD:4 Config | +| stdlib.go:116:4:116:8 | selection of URL [postupdate] | stdlib.go:116:4:116:4 | implicit-deref r [postupdate] [URL] | provenance | | +| stdlib.go:116:4:116:8 | selection of URL [postupdate] | stdlib.go:116:4:116:8 | implicit-deref selection of URL | provenance | Config | +| stdlib.go:117:24:117:24 | implicit-deref r [URL] | stdlib.go:117:24:117:28 | selection of URL | provenance | | +| stdlib.go:117:24:117:24 | r [pointer, URL] | stdlib.go:117:24:117:24 | implicit-deref r [URL] | provenance | | | stdlib.go:117:24:117:28 | selection of URL | stdlib.go:117:24:117:37 | call to String | provenance | Src:MaD:4 Config Sink:MaD:1 | | stdlib.go:150:13:150:18 | selection of Form | stdlib.go:150:13:150:32 | call to Get | provenance | Src:MaD:2 Config | | stdlib.go:150:13:150:32 | call to Get | stdlib.go:156:23:156:28 | target | provenance | Sink:MaD:1 | 
@@ -51,42 +51,42 @@ edges | stdlib.go:177:35:177:39 | selection of URL | stdlib.go:177:35:177:52 | call to RequestURI | provenance | Src:MaD:4 Config | | stdlib.go:177:35:177:52 | call to RequestURI | stdlib.go:177:24:177:52 | ...+... | provenance | Config Sink:MaD:1 | | stdlib.go:186:13:186:33 | call to FormValue | stdlib.go:188:23:188:28 | target | provenance | Src:MaD:3 Sink:MaD:1 | -| stdlib.go:194:3:194:57 | ... := ...[0] | stdlib.go:196:23:196:28 | target | provenance | | -| stdlib.go:194:36:194:56 | call to FormValue | stdlib.go:194:3:194:57 | ... := ...[0] | provenance | Src:MaD:3 Config | -| stdlib.go:196:23:196:28 | implicit dereference | stdlib.go:196:23:196:28 | target [postupdate] | provenance | Config | -| stdlib.go:196:23:196:28 | implicit dereference | stdlib.go:196:23:196:33 | selection of Path | provenance | Config Sink:MaD:1 | -| stdlib.go:196:23:196:28 | target | stdlib.go:196:23:196:28 | implicit dereference | provenance | Config | +| stdlib.go:194:3:194:57 | extract:0 ... := ... | stdlib.go:196:23:196:28 | target | provenance | | +| stdlib.go:194:36:194:56 | call to FormValue | stdlib.go:194:3:194:57 | extract:0 ... := ... 
| provenance | Src:MaD:3 Config | +| stdlib.go:196:23:196:28 | implicit-deref target | stdlib.go:196:23:196:28 | target [postupdate] | provenance | Config | +| stdlib.go:196:23:196:28 | implicit-deref target | stdlib.go:196:23:196:33 | selection of Path | provenance | Config Sink:MaD:1 | +| stdlib.go:196:23:196:28 | target | stdlib.go:196:23:196:28 | implicit-deref target | provenance | Config | | stdlib.go:196:23:196:28 | target | stdlib.go:196:23:196:33 | selection of Path | provenance | Config Sink:MaD:1 | | stdlib.go:196:23:196:28 | target | stdlib.go:198:23:198:28 | target | provenance | | -| stdlib.go:196:23:196:28 | target [postupdate] | stdlib.go:196:23:196:28 | implicit dereference | provenance | Config | +| stdlib.go:196:23:196:28 | target [postupdate] | stdlib.go:196:23:196:28 | implicit-deref target | provenance | Config | | stdlib.go:196:23:196:28 | target [postupdate] | stdlib.go:198:23:198:28 | target | provenance | | | stdlib.go:198:23:198:28 | target | stdlib.go:198:23:198:42 | call to EscapedPath | provenance | Config Sink:MaD:1 | -| stdlib.go:210:3:210:3 | implicit dereference [postupdate] | stdlib.go:210:3:210:3 | u [postupdate] | provenance | Config | -| stdlib.go:210:3:210:3 | implicit dereference [postupdate] | stdlib.go:210:3:210:3 | u [postupdate] [pointer] | provenance | | +| stdlib.go:210:3:210:3 | implicit-deref u [postupdate] | stdlib.go:210:3:210:3 | u [postupdate] | provenance | Config | +| stdlib.go:210:3:210:3 | implicit-deref u [postupdate] | stdlib.go:210:3:210:3 | u [postupdate] [pointer] | provenance | | | stdlib.go:210:3:210:3 | u [postupdate] | stdlib.go:212:23:212:23 | u | provenance | | | stdlib.go:210:3:210:3 | u [postupdate] [pointer] | stdlib.go:212:23:212:23 | u [pointer] | provenance | | -| stdlib.go:210:12:210:30 | call to FormValue | stdlib.go:210:3:210:3 | implicit dereference [postupdate] | provenance | Src:MaD:3 Config | +| stdlib.go:210:12:210:30 | call to FormValue | stdlib.go:210:3:210:3 | implicit-deref u 
[postupdate] | provenance | Src:MaD:3 Config | | stdlib.go:210:12:210:30 | call to FormValue | stdlib.go:210:3:210:3 | u [postupdate] | provenance | Src:MaD:3 Config | -| stdlib.go:212:23:212:23 | implicit dereference | stdlib.go:212:23:212:23 | u [postupdate] | provenance | Config | -| stdlib.go:212:23:212:23 | implicit dereference | stdlib.go:212:23:212:28 | selection of Path | provenance | Config Sink:MaD:1 | -| stdlib.go:212:23:212:23 | u | stdlib.go:212:23:212:23 | implicit dereference | provenance | Config | +| stdlib.go:212:23:212:23 | implicit-deref u | stdlib.go:212:23:212:23 | u [postupdate] | provenance | Config | +| stdlib.go:212:23:212:23 | implicit-deref u | stdlib.go:212:23:212:28 | selection of Path | provenance | Config Sink:MaD:1 | +| stdlib.go:212:23:212:23 | u | stdlib.go:212:23:212:23 | implicit-deref u | provenance | Config | | stdlib.go:212:23:212:23 | u | stdlib.go:212:23:212:28 | selection of Path | provenance | Config Sink:MaD:1 | | stdlib.go:212:23:212:23 | u | stdlib.go:214:23:214:23 | u | provenance | | -| stdlib.go:212:23:212:23 | u [pointer] | stdlib.go:212:23:212:23 | implicit dereference | provenance | | -| stdlib.go:212:23:212:23 | u [postupdate] | stdlib.go:212:23:212:23 | implicit dereference | provenance | Config | +| stdlib.go:212:23:212:23 | u [pointer] | stdlib.go:212:23:212:23 | implicit-deref u | provenance | | +| stdlib.go:212:23:212:23 | u [postupdate] | stdlib.go:212:23:212:23 | implicit-deref u | provenance | Config | | stdlib.go:212:23:212:23 | u [postupdate] | stdlib.go:214:23:214:23 | u | provenance | | | stdlib.go:214:23:214:23 | u | stdlib.go:214:23:214:32 | call to String | provenance | Config Sink:MaD:1 | -| stdlib.go:257:3:257:3 | implicit dereference [postupdate] | stdlib.go:257:3:257:3 | u [postupdate] | provenance | Config | -| stdlib.go:257:3:257:3 | implicit dereference [postupdate] | stdlib.go:257:3:257:3 | u [postupdate] [pointer] | provenance | | +| stdlib.go:257:3:257:3 | implicit-deref u [postupdate] | 
stdlib.go:257:3:257:3 | u [postupdate] | provenance | Config | +| stdlib.go:257:3:257:3 | implicit-deref u [postupdate] | stdlib.go:257:3:257:3 | u [postupdate] [pointer] | provenance | | | stdlib.go:257:3:257:3 | u [postupdate] | stdlib.go:260:3:260:3 | u | provenance | | | stdlib.go:257:3:257:3 | u [postupdate] [pointer] | stdlib.go:260:3:260:3 | u [pointer] | provenance | | -| stdlib.go:257:12:257:30 | call to FormValue | stdlib.go:257:3:257:3 | implicit dereference [postupdate] | provenance | Src:MaD:3 Config | +| stdlib.go:257:12:257:30 | call to FormValue | stdlib.go:257:3:257:3 | implicit-deref u [postupdate] | provenance | Src:MaD:3 Config | | stdlib.go:257:12:257:30 | call to FormValue | stdlib.go:257:3:257:3 | u [postupdate] | provenance | Src:MaD:3 Config | -| stdlib.go:260:3:260:3 | implicit dereference | stdlib.go:260:3:260:3 | u [postupdate] | provenance | Config | -| stdlib.go:260:3:260:3 | u | stdlib.go:260:3:260:3 | implicit dereference | provenance | Config | +| stdlib.go:260:3:260:3 | implicit-deref u | stdlib.go:260:3:260:3 | u [postupdate] | provenance | Config | +| stdlib.go:260:3:260:3 | u | stdlib.go:260:3:260:3 | implicit-deref u | provenance | Config | | stdlib.go:260:3:260:3 | u | stdlib.go:261:23:261:23 | u | provenance | | -| stdlib.go:260:3:260:3 | u [pointer] | stdlib.go:260:3:260:3 | implicit dereference | provenance | | -| stdlib.go:260:3:260:3 | u [postupdate] | stdlib.go:260:3:260:3 | implicit dereference | provenance | Config | +| stdlib.go:260:3:260:3 | u [pointer] | stdlib.go:260:3:260:3 | implicit-deref u | provenance | | +| stdlib.go:260:3:260:3 | u [postupdate] | stdlib.go:260:3:260:3 | implicit-deref u | provenance | Config | | stdlib.go:260:3:260:3 | u [postupdate] | stdlib.go:261:23:261:23 | u | provenance | | | stdlib.go:261:23:261:23 | u | stdlib.go:261:23:261:32 | call to String | provenance | Config Sink:MaD:1 | models 
@@ -118,14 +118,14 @@ nodes
 | stdlib.go:93:13:93:18 | selection of Form | semmle.label | selection of Form |
 | stdlib.go:93:13:93:32 | call to Get | semmle.label | call to Get |
 | stdlib.go:94:3:94:8 | target | semmle.label | target |
-| stdlib.go:94:3:94:25 | ... += ... | semmle.label | ... += ... |
+| stdlib.go:94:3:94:25 | compound-rhs ... += ... | semmle.label | compound-rhs ... += ... |
 | stdlib.go:96:23:96:28 | target | semmle.label | target |
-| stdlib.go:116:4:116:4 | implicit dereference [postupdate] [URL] | semmle.label | implicit dereference [postupdate] [URL] |
+| stdlib.go:116:4:116:4 | implicit-deref r [postupdate] [URL] | semmle.label | implicit-deref r [postupdate] [URL] |
 | stdlib.go:116:4:116:4 | r [postupdate] [pointer, URL] | semmle.label | r [postupdate] [pointer, URL] |
-| stdlib.go:116:4:116:8 | implicit dereference | semmle.label | implicit dereference |
+| stdlib.go:116:4:116:8 | implicit-deref selection of URL | semmle.label | implicit-deref selection of URL |
 | stdlib.go:116:4:116:8 | selection of URL | semmle.label | selection of URL |
 | stdlib.go:116:4:116:8 | selection of URL [postupdate] | semmle.label | selection of URL [postupdate] |
-| stdlib.go:117:24:117:24 | implicit dereference [URL] | semmle.label | implicit dereference [URL] |
+| stdlib.go:117:24:117:24 | implicit-deref r [URL] | semmle.label | implicit-deref r [URL] |
 | stdlib.go:117:24:117:24 | r [pointer, URL] | semmle.label | r [pointer, URL] |
 | stdlib.go:117:24:117:28 | selection of URL | semmle.label | selection of URL |
 | stdlib.go:117:24:117:37 | call to String | semmle.label | call to String |
@@ -142,30 +142,30 @@ nodes
 | stdlib.go:177:35:177:52 | call to RequestURI | semmle.label | call to RequestURI |
 | stdlib.go:186:13:186:33 | call to FormValue | semmle.label | call to FormValue |
 | stdlib.go:188:23:188:28 | target | semmle.label | target |
-| stdlib.go:194:3:194:57 | ... := ...[0] | semmle.label | ... := ...[0] |
+| stdlib.go:194:3:194:57 | extract:0 ... := ... | semmle.label | extract:0 ... := ... |
 | stdlib.go:194:36:194:56 | call to FormValue | semmle.label | call to FormValue |
-| stdlib.go:196:23:196:28 | implicit dereference | semmle.label | implicit dereference |
+| stdlib.go:196:23:196:28 | implicit-deref target | semmle.label | implicit-deref target |
 | stdlib.go:196:23:196:28 | target | semmle.label | target |
 | stdlib.go:196:23:196:28 | target [postupdate] | semmle.label | target [postupdate] |
 | stdlib.go:196:23:196:33 | selection of Path | semmle.label | selection of Path |
 | stdlib.go:198:23:198:28 | target | semmle.label | target |
 | stdlib.go:198:23:198:42 | call to EscapedPath | semmle.label | call to EscapedPath |
-| stdlib.go:210:3:210:3 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] |
+| stdlib.go:210:3:210:3 | implicit-deref u [postupdate] | semmle.label | implicit-deref u [postupdate] |
 | stdlib.go:210:3:210:3 | u [postupdate] | semmle.label | u [postupdate] |
 | stdlib.go:210:3:210:3 | u [postupdate] [pointer] | semmle.label | u [postupdate] [pointer] |
 | stdlib.go:210:12:210:30 | call to FormValue | semmle.label | call to FormValue |
-| stdlib.go:212:23:212:23 | implicit dereference | semmle.label | implicit dereference |
+| stdlib.go:212:23:212:23 | implicit-deref u | semmle.label | implicit-deref u |
 | stdlib.go:212:23:212:23 | u | semmle.label | u |
 | stdlib.go:212:23:212:23 | u [pointer] | semmle.label | u [pointer] |
 | stdlib.go:212:23:212:23 | u [postupdate] | semmle.label | u [postupdate] |
 | stdlib.go:212:23:212:28 | selection of Path | semmle.label | selection of Path |
 | 
stdlib.go:214:23:214:23 | u | semmle.label | u |
 | stdlib.go:214:23:214:32 | call to String | semmle.label | call to String |
-| stdlib.go:257:3:257:3 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] |
+| stdlib.go:257:3:257:3 | implicit-deref u [postupdate] | semmle.label | implicit-deref u [postupdate] |
 | stdlib.go:257:3:257:3 | u [postupdate] | semmle.label | u [postupdate] |
 | stdlib.go:257:3:257:3 | u [postupdate] [pointer] | semmle.label | u [postupdate] [pointer] |
 | stdlib.go:257:12:257:30 | call to FormValue | semmle.label | call to FormValue |
-| stdlib.go:260:3:260:3 | implicit dereference | semmle.label | implicit dereference |
+| stdlib.go:260:3:260:3 | implicit-deref u | semmle.label | implicit-deref u |
 | stdlib.go:260:3:260:3 | u | semmle.label | u |
 | stdlib.go:260:3:260:3 | u [pointer] | semmle.label | u [pointer] |
 | stdlib.go:260:3:260:3 | u [postupdate] | semmle.label | u [postupdate] |