From e9c295809587b710fb9ed0ac5953c8e5dd2255ad Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 11 Jun 2020 17:07:46 +0100 Subject: [PATCH 1/3] Add classes for array and slice literals --- .../learn-ql/go/ast-class-reference.rst | 42 ++++++------ ql/src/semmle/go/Expr.qll | 65 +++++++++++++++++++ 2 files changed, 88 insertions(+), 19 deletions(-) diff --git a/docs/language/learn-ql/go/ast-class-reference.rst b/docs/language/learn-ql/go/ast-class-reference.rst index b1cb1034d23..d874652a894 100644 --- a/docs/language/learn-ql/go/ast-class-reference.rst +++ b/docs/language/learn-ql/go/ast-class-reference.rst 
@@ -290,25 +290,29 @@ Literals All classes in this subsection are subclasses of `Literal `__. -+-----------------------------------------+----------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------+ -| Expression syntax example | CodeQL class | Superclass | -+=========================================+==============================================================================================+====================================================================================================+ -| ``23`` | `IntLit `__ | `BasicLit `__ | -+-----------------------------------------+----------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------+ -| ``4.2`` | `FloatLit `__ | `BasicLit `__ | -+-----------------------------------------+----------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------+ -| ``4.2 + 2.7i`` | `ImagLit `__ | `BasicLit `__ | -+-----------------------------------------+----------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------+ -| ``'a'`` | `CharLit `__ | `BasicLit `__ | -+-----------------------------------------+----------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------+ -| ``"Hello"`` | `StringLit `__ | `BasicLit `__ | 
-+-----------------------------------------+----------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------+ -| ``func(x, y int) int { return x + y }`` | `FuncLit `__ | `FuncDef `__ | -+-----------------------------------------+----------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------+ -| ``map[string]int{"A": 1, "B": 2}`` | `MapLit `__ | `CompositeLit `__ | -+-----------------------------------------+----------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------+ -| ``Point3D{0.5, -0.5, 0.5}`` | `StructLit `__ | `CompositeLit `__ | -+-----------------------------------------+----------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------+ ++-----------------------------------------+----------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| Expression syntax example | CodeQL class | Superclass | ++=========================================+==============================================================================================+==============================================================================================================================================================================================================+ +| ``23`` | `IntLit `__ | `BasicLit `__ | 
++-----------------------------------------+----------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| ``4.2`` | `FloatLit `__ | `BasicLit `__ | ++-----------------------------------------+----------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| ``4.2 + 2.7i`` | `ImagLit `__ | `BasicLit `__ | ++-----------------------------------------+----------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| ``'a'`` | `CharLit `__ | `BasicLit `__ | ++-----------------------------------------+----------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| ``"Hello"`` | `StringLit `__ | `BasicLit `__ | ++-----------------------------------------+----------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| ``func(x, y int) int { return x + y }`` | `FuncLit `__ | `FuncDef `__ | 
++-----------------------------------------+----------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| ``[6]int{1, 2, 3, 5}`` | `ArrayLit `__ | `ArrayOrSliceLit `__, `CompositeLit `__ | ++-----------------------------------------+----------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| ``[]int{1, 2, 3, 5}`` | `SliceLit `__ | `ArrayOrSliceLit `__, `CompositeLit `__ | ++-----------------------------------------+----------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| ``map[string]int{"A": 1, "B": 2}`` | `MapLit `__ | `CompositeLit `__ | ++-----------------------------------------+----------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +| ``Point3D{0.5, -0.5, 0.5}`` | `StructLit `__ | `CompositeLit `__ | 
++-----------------------------------------+----------------------------------------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ Unary expressions ~~~~~~~~~~~~~~~~~ diff --git a/ql/src/semmle/go/Expr.qll b/ql/src/semmle/go/Expr.qll index 0bdd0c092b1..3f2fc2897cd 100644 --- a/ql/src/semmle/go/Expr.qll +++ b/ql/src/semmle/go/Expr.qll @@ -437,6 +437,71 @@ class StructLit extends CompositeLit { StructType getStructType() { result = st } } +/** + * An array or slice literal. + * + * Examples: + * + * ```go + * [10]string{} + * [6]int{1, 2, 3, 5} + * [...]string{"Sat", "Sun"} + * []int{1, 2, 3, 5} + * []string{"Sat", "Sun"} + * ``` + */ +class ArrayOrSliceLit extends CompositeLit { + CompositeType type; + + ArrayOrSliceLit() { + type = getType().getUnderlyingType() and + ( + type instanceof ArrayType + or + type instanceof SliceType + ) + } +} + +/** + * An array literal. + * + * Examples: + * + * ```go + * [10]string{} + * [6]int{1, 2, 3, 5} + * [...]string{"Sat", "Sun"} + * ``` + */ +class ArrayLit extends ArrayOrSliceLit { + override ArrayType type; + + /** Gets the array type underlying this literal. */ + ArrayType getArrayType() { result = type } + + override string toString() { result = "array literal" } +} + +/** + * A slice literal. + * + * Examples: + * + * ```go + * []int{1, 2, 3, 5} + * []string{"Sat", "Sun"} + * ``` + */ +class SliceLit extends ArrayOrSliceLit { + override SliceType type; + + /** Gets the slice type underlying this literal. */ + SliceType getSliceType() { result = type } + + override string toString() { result = "slice literal" } +} + /** * A parenthesized expression. * From dc113ab19f0772bf437f24f838c75be8da44cb22 Mon Sep 17 00:00:00 2001 
From: Owen Mansel-Chan Date: Fri, 12 Jun 2020 09:53:35 +0100 Subject: [PATCH 2/3] Update tests for new strings --- .../semmle/go/Expr/CompositeLit.expected | 74 +++++++++---------- .../ControlFlowNode_getASuccessor.expected | 20 ++--- .../dataflow/FlowSteps/LocalFlowStep.expected | 2 +- .../FlowSteps/LocalTaintStep.expected | 6 +- .../semmle/go/frameworks/HTTP/Header.expected | 4 +- .../SystemCommandExecutors.expected | 4 +- .../frameworks/TaintSteps/TaintStep.expected | 14 ++-- 7 files changed, 62 insertions(+), 62 deletions(-) diff --git a/ql/test/library-tests/semmle/go/Expr/CompositeLit.expected b/ql/test/library-tests/semmle/go/Expr/CompositeLit.expected index 704af546c27..4e119d4a86a 100644 --- a/ql/test/library-tests/semmle/go/Expr/CompositeLit.expected +++ b/ql/test/library-tests/semmle/go/Expr/CompositeLit.expected 
@@ -4,40 +4,40 @@ | literals.go:5:15:9:1 | composite literal | 1 | value | literals.go:7:17:7:20 | 0600 | | literals.go:5:15:9:1 | composite literal | 2 | key | literals.go:8:2:8:14 | "hexadecimal" | | literals.go:5:15:9:1 | composite literal | 2 | value | literals.go:8:17:8:24 | 0xcaffee | -| literals.go:11:17:21:1 | composite literal | 0 | value | literals.go:12:2:12:3 | 0. | -| literals.go:11:17:21:1 | composite literal | 1 | value | literals.go:13:2:13:6 | 72.40 | -| literals.go:11:17:21:1 | composite literal | 2 | value | literals.go:14:2:14:7 | 072.40 | -| literals.go:11:17:21:1 | composite literal | 3 | value | literals.go:15:2:15:8 | 2.71828 | -| literals.go:11:17:21:1 | composite literal | 4 | value | literals.go:16:2:16:6 | 1.e+0 | -| literals.go:11:17:21:1 | composite literal | 5 | value | literals.go:17:2:17:12 | 6.67428e-11 | -| literals.go:11:17:21:1 | composite literal | 6 | value | literals.go:18:2:18:4 | 1E6 | -| literals.go:11:17:21:1 | composite literal | 7 | value | literals.go:19:2:19:4 | .25 | -| literals.go:11:17:21:1 | composite literal | 8 | value | literals.go:20:2:20:10 | .12345E+5 | -| literals.go:23:16:33:1 | composite literal | 0 | value | literals.go:24:2:24:3 | 0i | -| literals.go:23:16:33:1 | composite literal | 1 | value | literals.go:25:2:25:5 | 011i | -| literals.go:23:16:33:1 | composite literal | 2 | value | literals.go:26:2:26:4 | 0.i | -| literals.go:23:16:33:1 | composite literal | 3 | value | literals.go:27:2:27:9 | 2.71828i | -| literals.go:23:16:33:1 | composite literal | 4 | value | literals.go:28:2:28:7 | 1.e+0i | -| literals.go:23:16:33:1 | composite literal | 5 | value | literals.go:29:2:29:13 | 6.67428e-11i | -| literals.go:23:16:33:1 | composite literal | 6 | value | literals.go:30:2:30:5 | 1E6i | -| literals.go:23:16:33:1 | composite literal | 7 | value | literals.go:31:2:31:5 | .25i | -| literals.go:23:16:33:1 | composite literal | 8 | value | literals.go:32:2:32:11 | .12345E+5i | -| literals.go:35:16:47:1 | 
composite literal | 0 | value | literals.go:36:2:36:4 | 'a' | -| literals.go:35:16:47:1 | composite literal | 1 | value | literals.go:37:2:37:5 | '\u00e4' | -| literals.go:35:16:47:1 | composite literal | 2 | value | literals.go:38:2:38:6 | '\u672c' | -| literals.go:35:16:47:1 | composite literal | 3 | value | literals.go:39:2:39:5 | '\\t' | -| literals.go:35:16:47:1 | composite literal | 4 | value | literals.go:40:2:40:7 | '\\007' | -| literals.go:35:16:47:1 | composite literal | 5 | value | literals.go:41:2:41:7 | '\\377' | -| literals.go:35:16:47:1 | composite literal | 6 | value | literals.go:42:2:42:7 | '\\x07' | -| literals.go:35:16:47:1 | composite literal | 7 | value | literals.go:43:2:43:7 | '\\xff' | -| literals.go:35:16:47:1 | composite literal | 8 | value | literals.go:44:2:44:9 | '\\u12e4' | -| literals.go:35:16:47:1 | composite literal | 9 | value | literals.go:45:2:45:13 | '\\U00101234' | -| literals.go:35:16:47:1 | composite literal | 10 | value | literals.go:46:2:46:5 | '\\'' | -| literals.go:49:15:59:1 | composite literal | 0 | value | literals.go:50:2:50:6 | `abc` | -| literals.go:49:15:59:1 | composite literal | 1 | value | literals.go:51:2:52:3 | `\\n,\n\\n` | -| literals.go:49:15:59:1 | composite literal | 2 | value | literals.go:53:2:53:5 | "\\n" | -| literals.go:49:15:59:1 | composite literal | 3 | value | literals.go:54:2:54:5 | "\\"" | -| literals.go:49:15:59:1 | composite literal | 4 | value | literals.go:55:2:55:18 | "Hello, world!\\n" | -| literals.go:49:15:59:1 | composite literal | 5 | value | literals.go:56:2:56:12 | "\u65e5\u672c\u8a9e" | -| literals.go:49:15:59:1 | composite literal | 6 | value | literals.go:57:2:57:22 | "\\u65e5\u672c\\U00008a9e" | -| literals.go:49:15:59:1 | composite literal | 7 | value | literals.go:58:2:58:13 | "\\xff\\u00FF" | +| literals.go:11:17:21:1 | slice literal | 0 | value | literals.go:12:2:12:3 | 0. 
| +| literals.go:11:17:21:1 | slice literal | 1 | value | literals.go:13:2:13:6 | 72.40 | +| literals.go:11:17:21:1 | slice literal | 2 | value | literals.go:14:2:14:7 | 072.40 | +| literals.go:11:17:21:1 | slice literal | 3 | value | literals.go:15:2:15:8 | 2.71828 | +| literals.go:11:17:21:1 | slice literal | 4 | value | literals.go:16:2:16:6 | 1.e+0 | +| literals.go:11:17:21:1 | slice literal | 5 | value | literals.go:17:2:17:12 | 6.67428e-11 | +| literals.go:11:17:21:1 | slice literal | 6 | value | literals.go:18:2:18:4 | 1E6 | +| literals.go:11:17:21:1 | slice literal | 7 | value | literals.go:19:2:19:4 | .25 | +| literals.go:11:17:21:1 | slice literal | 8 | value | literals.go:20:2:20:10 | .12345E+5 | +| literals.go:23:16:33:1 | slice literal | 0 | value | literals.go:24:2:24:3 | 0i | +| literals.go:23:16:33:1 | slice literal | 1 | value | literals.go:25:2:25:5 | 011i | +| literals.go:23:16:33:1 | slice literal | 2 | value | literals.go:26:2:26:4 | 0.i | +| literals.go:23:16:33:1 | slice literal | 3 | value | literals.go:27:2:27:9 | 2.71828i | +| literals.go:23:16:33:1 | slice literal | 4 | value | literals.go:28:2:28:7 | 1.e+0i | +| literals.go:23:16:33:1 | slice literal | 5 | value | literals.go:29:2:29:13 | 6.67428e-11i | +| literals.go:23:16:33:1 | slice literal | 6 | value | literals.go:30:2:30:5 | 1E6i | +| literals.go:23:16:33:1 | slice literal | 7 | value | literals.go:31:2:31:5 | .25i | +| literals.go:23:16:33:1 | slice literal | 8 | value | literals.go:32:2:32:11 | .12345E+5i | +| literals.go:35:16:47:1 | slice literal | 0 | value | literals.go:36:2:36:4 | 'a' | +| literals.go:35:16:47:1 | slice literal | 1 | value | literals.go:37:2:37:5 | '\u00e4' | +| literals.go:35:16:47:1 | slice literal | 2 | value | literals.go:38:2:38:6 | '\u672c' | +| literals.go:35:16:47:1 | slice literal | 3 | value | literals.go:39:2:39:5 | '\\t' | +| literals.go:35:16:47:1 | slice literal | 4 | value | literals.go:40:2:40:7 | '\\007' | +| literals.go:35:16:47:1 | slice 
literal | 5 | value | literals.go:41:2:41:7 | '\\377' | +| literals.go:35:16:47:1 | slice literal | 6 | value | literals.go:42:2:42:7 | '\\x07' | +| literals.go:35:16:47:1 | slice literal | 7 | value | literals.go:43:2:43:7 | '\\xff' | +| literals.go:35:16:47:1 | slice literal | 8 | value | literals.go:44:2:44:9 | '\\u12e4' | +| literals.go:35:16:47:1 | slice literal | 9 | value | literals.go:45:2:45:13 | '\\U00101234' | +| literals.go:35:16:47:1 | slice literal | 10 | value | literals.go:46:2:46:5 | '\\'' | +| literals.go:49:15:59:1 | slice literal | 0 | value | literals.go:50:2:50:6 | `abc` | +| literals.go:49:15:59:1 | slice literal | 1 | value | literals.go:51:2:52:3 | `\\n,\n\\n` | +| literals.go:49:15:59:1 | slice literal | 2 | value | literals.go:53:2:53:5 | "\\n" | +| literals.go:49:15:59:1 | slice literal | 3 | value | literals.go:54:2:54:5 | "\\"" | +| literals.go:49:15:59:1 | slice literal | 4 | value | literals.go:55:2:55:18 | "Hello, world!\\n" | +| literals.go:49:15:59:1 | slice literal | 5 | value | literals.go:56:2:56:12 | "\u65e5\u672c\u8a9e" | +| literals.go:49:15:59:1 | slice literal | 6 | value | literals.go:57:2:57:22 | "\\u65e5\u672c\\U00008a9e" | +| literals.go:49:15:59:1 | slice literal | 7 | value | literals.go:58:2:58:13 | "\\xff\\u00FF" | diff --git a/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph/ControlFlowNode_getASuccessor.expected b/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph/ControlFlowNode_getASuccessor.expected index 91e22538402..987925ee66d 100644 --- a/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph/ControlFlowNode_getASuccessor.expected +++ b/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph/ControlFlowNode_getASuccessor.expected 
@@ -102,15 +102,15 @@ | exprs.go:15:49:15:55 | struct2 | exprs.go:15:49:15:57 | selection of x | | exprs.go:15:49:15:57 | selection of x | exprs.go:15:46:15:57 | init of key-value pair | | exprs.go:16:2:16:5 | assignment to arr1 | exprs.go:17:2:17:5 | skip | -| exprs.go:16:2:16:5 | skip | exprs.go:16:10:16:26 | composite literal | -| exprs.go:16:10:16:26 | composite literal | exprs.go:16:17:16:17 | element index | +| exprs.go:16:2:16:5 | skip | exprs.go:16:10:16:26 | array literal | +| exprs.go:16:10:16:26 | array literal | exprs.go:16:17:16:17 | element index | | exprs.go:16:17:16:17 | element index | exprs.go:16:17:16:23 | struct3 | | exprs.go:16:17:16:23 | struct3 | exprs.go:16:17:16:25 | selection of x | | exprs.go:16:17:16:25 | init of selection of x | exprs.go:16:2:16:5 | assignment to arr1 | | exprs.go:16:17:16:25 | selection of x | exprs.go:16:17:16:25 | init of selection of x | | exprs.go:17:2:17:5 | assignment to arr2 | exprs.go:18:2:18:4 | skip | -| exprs.go:17:2:17:5 | skip | exprs.go:17:10:17:40 | composite literal | -| exprs.go:17:10:17:40 | composite literal | exprs.go:17:19:17:19 | element index | +| exprs.go:17:2:17:5 | skip | exprs.go:17:10:17:40 | array literal | +| exprs.go:17:10:17:40 | array literal | exprs.go:17:19:17:19 | element index | | exprs.go:17:19:17:19 | element index | exprs.go:17:19:17:25 | struct3 | | exprs.go:17:19:17:25 | struct3 | exprs.go:17:19:17:27 | selection of x | | exprs.go:17:19:17:27 | init of selection of x | exprs.go:17:30:17:30 | 2 | 
@@ -122,8 +122,8 @@ | exprs.go:17:33:17:39 | index expression | exprs.go:26:1:26:1 | exit | | exprs.go:17:38:17:38 | 0 | exprs.go:17:33:17:39 | index expression | | exprs.go:18:2:18:4 | assignment to slc | exprs.go:19:2:19:3 | skip | -| exprs.go:18:2:18:4 | skip | exprs.go:18:9:18:22 | composite literal | -| exprs.go:18:9:18:22 | composite literal | exprs.go:18:18:18:18 | element index | +| exprs.go:18:2:18:4 | skip | exprs.go:18:9:18:22 | slice literal | +| exprs.go:18:9:18:22 | slice literal | exprs.go:18:18:18:18 | element index | | exprs.go:18:18:18:18 | element index | exprs.go:18:18:18:18 | s | | exprs.go:18:18:18:18 | init of s | exprs.go:18:21:18:21 | element index | | exprs.go:18:18:18:18 | s | exprs.go:18:18:18:18 | init of s | @@ -297,11 +297,11 @@ | exprs.go:57:9:57:15 | call to sum | exprs.go:57:2:57:15 | return statement | | exprs.go:57:9:57:15 | call to sum | exprs.go:58:1:58:1 | exit | | exprs.go:57:13:57:14 | xs | exprs.go:57:9:57:15 | call to sum | -| exprs.go:60:1:60:1 | entry | exprs.go:61:9:61:22 | composite literal | +| exprs.go:60:1:60:1 | entry | exprs.go:61:9:61:22 | slice literal | | exprs.go:60:1:62:1 | function declaration | exprs.go:64:5:64:5 | skip | | exprs.go:60:6:60:9 | skip | exprs.go:60:1:62:1 | function declaration | | exprs.go:61:2:61:22 | return statement | exprs.go:62:1:62:1 | exit | -| exprs.go:61:9:61:22 | composite literal | exprs.go:61:15:61:15 | element index | +| exprs.go:61:9:61:22 | slice literal | exprs.go:61:15:61:15 | element index | | exprs.go:61:15:61:15 | 1 | exprs.go:61:15:61:15 | init of 1 | | exprs.go:61:15:61:15 | element index | exprs.go:61:15:61:15 | 1 | | exprs.go:61:15:61:15 | init of 1 | exprs.go:61:18:61:18 | element index | 
@@ -402,8 +402,8 @@ | exprs.go:89:7:89:9 | skip | exprs.go:89:13:89:13 | 1 | | exprs.go:89:13:89:13 | 1 | exprs.go:89:7:89:9 | assignment to one | | exprs.go:91:5:91:5 | assignment to a | exprs.go:93:6:93:11 | skip | -| exprs.go:91:5:91:5 | skip | exprs.go:91:9:91:25 | composite literal | -| exprs.go:91:9:91:25 | composite literal | exprs.go:91:15:91:21 | ...+... | +| exprs.go:91:5:91:5 | skip | exprs.go:91:9:91:25 | slice literal | +| exprs.go:91:9:91:25 | slice literal | exprs.go:91:15:91:21 | ...+... | | exprs.go:91:15:91:21 | ...+... | exprs.go:91:24:91:24 | 2 | | exprs.go:91:15:91:24 | init of key-value pair | exprs.go:91:5:91:5 | assignment to a | | exprs.go:91:24:91:24 | 2 | exprs.go:91:15:91:24 | init of key-value pair | diff --git a/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected b/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected index f571c354c1c..730e38eb357 100644 --- a/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected +++ b/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected @@ -80,7 +80,7 @@ | main.go:38:2:38:2 | definition of s | main.go:39:15:39:15 | s | | main.go:38:2:38:2 | definition of s | main.go:40:15:40:15 | s | | main.go:38:2:38:2 | definition of s | main.go:42:7:42:7 | s | -| main.go:38:7:38:20 | composite literal | main.go:38:2:38:2 | definition of s | +| main.go:38:7:38:20 | slice literal | main.go:38:2:38:2 | definition of s | | main.go:39:2:39:3 | definition of s1 | main.go:40:18:40:19 | s1 | | main.go:39:8:39:25 | call to append | main.go:39:2:39:3 | definition of s1 | | main.go:40:2:40:3 | definition of s2 | main.go:43:9:43:10 | s2 | diff --git a/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected b/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected index a1400e3c5bc..d19150d5e7c 100644 --- a/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected 
+++ b/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected @@ -1,8 +1,8 @@ | main.go:26:11:26:17 | type assertion | main.go:26:2:26:17 | ... := ...[0] | | main.go:26:11:26:17 | type assertion | main.go:26:2:26:17 | ... := ...[1] | -| main.go:38:13:38:13 | 1 | main.go:38:7:38:20 | composite literal | -| main.go:38:16:38:16 | 2 | main.go:38:7:38:20 | composite literal | -| main.go:38:19:38:19 | 3 | main.go:38:7:38:20 | composite literal | +| main.go:38:13:38:13 | 1 | main.go:38:7:38:20 | slice literal | +| main.go:38:16:38:16 | 2 | main.go:38:7:38:20 | slice literal | +| main.go:38:19:38:19 | 3 | main.go:38:7:38:20 | slice literal | | main.go:39:15:39:15 | s | main.go:39:8:39:25 | call to append | | main.go:39:18:39:18 | 4 | main.go:39:8:39:25 | call to append | | main.go:39:21:39:21 | 5 | main.go:39:8:39:25 | call to append | diff --git a/ql/test/library-tests/semmle/go/frameworks/HTTP/Header.expected b/ql/test/library-tests/semmle/go/frameworks/HTTP/Header.expected index ea04e232bcc..1c57549d95b 100644 --- a/ql/test/library-tests/semmle/go/frameworks/HTTP/Header.expected +++ b/ql/test/library-tests/semmle/go/frameworks/HTTP/Header.expected 
@@ -3,8 +3,8 @@ | main.go:32:2:32:26 | call to Add | "Age" | "342232" | age | 342232 | | main.go:34:2:34:55 | call to Add | server | call to Sprintf | n/a | n/a | | main.go:35:2:35:45 | call to Set | LOC_HEADER | ...+... | n/a | n/a | -| main.go:36:2:36:5 | head | "Unknown-Header" | composite literal | n/a | n/a | +| main.go:36:2:36:5 | head | "Unknown-Header" | slice literal | n/a | n/a | | main.go:48:2:48:43 | call to Add | "Not-A-Response" | "Header" | not-a-response | Header | | main.go:49:2:49:42 | call to Set | "Accept" | "nota/response" | accept | nota/response | -| main.go:50:2:50:11 | selection of Header | "Accept-Charset" | composite literal | n/a | n/a | +| main.go:50:2:50:11 | selection of Header | "Accept-Charset" | slice literal | n/a | n/a | | main.go:57:2:57:42 | call to Set | "This-Makes" | "No sense" | this-makes | No sense | diff --git a/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/SystemCommandExecutors.expected b/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/SystemCommandExecutors.expected index 619b92eebb8..d9ca51beee2 100644 --- a/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/SystemCommandExecutors.expected +++ b/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/SystemCommandExecutors.expected 
@@ -1,6 +1,6 @@ | SystemCommandExecutors.go:30:3:30:36 | call to StartProcess | SystemCommandExecutors.go:30:19:30:24 | source | | SystemCommandExecutors.go:34:3:34:47 | call to StartProcess | SystemCommandExecutors.go:34:19:34:23 | shell | -| SystemCommandExecutors.go:34:3:34:47 | call to StartProcess | SystemCommandExecutors.go:34:26:34:41 | composite literal | +| SystemCommandExecutors.go:34:3:34:47 | call to StartProcess | SystemCommandExecutors.go:34:26:34:41 | slice literal | | SystemCommandExecutors.go:34:3:34:47 | call to StartProcess | SystemCommandExecutors.go:34:44:34:46 | nil | | SystemCommandExecutors.go:37:3:37:64 | call to StartProcess | SystemCommandExecutors.go:37:19:37:23 | shell | | SystemCommandExecutors.go:37:3:37:64 | call to StartProcess | SystemCommandExecutors.go:37:26:37:58 | call to append | @@ -56,5 +56,5 @@ | SystemCommandExecutors.go:100:3:100:60 | call to Exec | SystemCommandExecutors.go:100:16:100:21 | source | | SystemCommandExecutors.go:101:3:101:77 | call to StartProcess | SystemCommandExecutors.go:101:24:101:29 | source | | SystemCommandExecutors.go:103:3:103:76 | call to StartProcess | SystemCommandExecutors.go:103:24:103:28 | shell | -| SystemCommandExecutors.go:103:3:103:76 | call to StartProcess | SystemCommandExecutors.go:103:31:103:54 | composite literal | +| SystemCommandExecutors.go:103:3:103:76 | call to StartProcess | SystemCommandExecutors.go:103:31:103:54 | slice literal | | SystemCommandExecutors.go:103:3:103:76 | call to StartProcess | SystemCommandExecutors.go:103:57:103:75 | &... | diff --git a/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected b/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected index eeb8e85e203..29f047efca8 100644 --- a/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected +++ b/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected 
@@ -59,16 +59,16 @@ | main.go:13:14:13:52 | call to MarshalIndent | main.go:13:2:13:52 | ... := ...[0] | | main.go:13:14:13:52 | call to MarshalIndent | main.go:13:2:13:52 | ... := ...[1] | | main.go:13:33:13:33 | v | main.go:13:2:13:52 | ... := ...[0] | -| main.go:14:25:14:25 | b | main.go:14:9:14:41 | composite literal | -| main.go:14:28:14:30 | err | main.go:14:9:14:41 | composite literal | -| main.go:14:33:14:34 | b2 | main.go:14:9:14:41 | composite literal | -| main.go:14:37:14:40 | err2 | main.go:14:9:14:41 | composite literal | +| main.go:14:25:14:25 | b | main.go:14:9:14:41 | slice literal | +| main.go:14:28:14:30 | err | main.go:14:9:14:41 | slice literal | +| main.go:14:33:14:34 | b2 | main.go:14:9:14:41 | slice literal | +| main.go:14:37:14:40 | err2 | main.go:14:9:14:41 | slice literal | | main.go:19:18:19:42 | call to DecodeString | main.go:19:2:19:42 | ... := ...[0] | | main.go:19:18:19:42 | call to DecodeString | main.go:19:2:19:42 | ... := ...[1] | | main.go:19:35:19:41 | encoded | main.go:19:2:19:42 | ... := ...[0] | -| main.go:23:25:23:31 | decoded | main.go:23:9:23:48 | composite literal | -| main.go:23:34:23:36 | err | main.go:23:9:23:48 | composite literal | -| main.go:23:39:23:47 | reEncoded | main.go:23:9:23:48 | composite literal | +| main.go:23:25:23:31 | decoded | main.go:23:9:23:48 | slice literal | +| main.go:23:34:23:36 | err | main.go:23:9:23:48 | slice literal | +| main.go:23:39:23:47 | reEncoded | main.go:23:9:23:48 | slice literal | | main.go:28:2:28:4 | implicit dereference | main.go:26:15:26:17 | definition of req | | main.go:28:2:28:4 | implicit dereference | main.go:28:2:28:9 | selection of Body | | main.go:28:2:28:4 | req | main.go:28:2:28:4 | implicit dereference | From e6217d90d72893f62a93792185609ab6388b5282 Mon Sep 17 00:00:00 2001 
From: Owen Mansel-Chan Date: Fri, 12 Jun 2020 11:23:58 +0100 Subject: [PATCH 3/3] Provide better strings for map and struct literals --- ql/src/semmle/go/Expr.qll | 4 +++ .../semmle/go/Expr/CompositeLit.expected | 12 ++++---- .../ControlFlowNode_getASuccessor.expected | 20 ++++++------- .../semmle/go/dataflow/SSA/VarDefs.expected | 8 ++--- .../Security/CWE-089/SqlInjection.expected | 6 ++-- .../CWE-312/CleartextLogging.expected | 30 +++++++++---------- 6 files changed, 42 insertions(+), 38 deletions(-) diff --git a/ql/src/semmle/go/Expr.qll b/ql/src/semmle/go/Expr.qll index 3f2fc2897cd..633c46d64a9 100644 --- a/ql/src/semmle/go/Expr.qll +++ b/ql/src/semmle/go/Expr.qll @@ -415,6 +415,8 @@ class MapLit extends CompositeLit { /** Gets the value type of this literal. */ Type getValueType() { result = mt.getValueType() } + + override string toString() { result = "map literal" } } /** @@ -435,6 +437,8 @@ class StructLit extends CompositeLit { /** Gets the struct type underlying this literal. */ StructType getStructType() { result = st } + + override string toString() { result = "struct literal" } } /** diff --git a/ql/test/library-tests/semmle/go/Expr/CompositeLit.expected b/ql/test/library-tests/semmle/go/Expr/CompositeLit.expected index 4e119d4a86a..8c2e362add3 100644 --- a/ql/test/library-tests/semmle/go/Expr/CompositeLit.expected +++ b/ql/test/library-tests/semmle/go/Expr/CompositeLit.expected 
@@ -1,9 +1,9 @@ -| literals.go:5:15:9:1 | composite literal | 0 | key | literals.go:6:2:6:10 | "decimal" | -| literals.go:5:15:9:1 | composite literal | 0 | value | literals.go:6:17:6:18 | 42 | -| literals.go:5:15:9:1 | composite literal | 1 | key | literals.go:7:2:7:8 | "octal" | -| literals.go:5:15:9:1 | composite literal | 1 | value | literals.go:7:17:7:20 | 0600 | -| literals.go:5:15:9:1 | composite literal | 2 | key | literals.go:8:2:8:14 | "hexadecimal" | -| literals.go:5:15:9:1 | composite literal | 2 | value | literals.go:8:17:8:24 | 0xcaffee | +| literals.go:5:15:9:1 | map literal | 0 | key | literals.go:6:2:6:10 | "decimal" | +| literals.go:5:15:9:1 | map literal | 0 | value | literals.go:6:17:6:18 | 42 | +| literals.go:5:15:9:1 | map literal | 1 | key | literals.go:7:2:7:8 | "octal" | +| literals.go:5:15:9:1 | map literal | 1 | value | literals.go:7:17:7:20 | 0600 | +| literals.go:5:15:9:1 | map literal | 2 | key | literals.go:8:2:8:14 | "hexadecimal" | +| literals.go:5:15:9:1 | map literal | 2 | value | literals.go:8:17:8:24 | 0xcaffee | | literals.go:11:17:21:1 | slice literal | 0 | value | literals.go:12:2:12:3 | 0. | | literals.go:11:17:21:1 | slice literal | 1 | value | literals.go:13:2:13:6 | 72.40 | | literals.go:11:17:21:1 | slice literal | 2 | value | literals.go:14:2:14:7 | 072.40 | diff --git a/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph/ControlFlowNode_getASuccessor.expected b/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph/ControlFlowNode_getASuccessor.expected index 987925ee66d..1b1d4165a6b 100644 --- a/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph/ControlFlowNode_getASuccessor.expected +++ b/ql/test/library-tests/semmle/go/controlflow/ControlFlowGraph/ControlFlowNode_getASuccessor.expected 
@@ -78,11 +78,11 @@ | exprs.go:9:54:9:59 | type conversion | exprs.go:9:48:9:59 | ...<... | | exprs.go:9:58:9:58 | z | exprs.go:9:54:9:59 | type conversion | | exprs.go:10:2:10:8 | assignment to struct1 | exprs.go:11:2:11:8 | skip | -| exprs.go:10:2:10:8 | skip | exprs.go:10:13:10:32 | composite literal | -| exprs.go:10:13:10:32 | composite literal | exprs.go:10:2:10:8 | assignment to struct1 | +| exprs.go:10:2:10:8 | skip | exprs.go:10:13:10:32 | struct literal | +| exprs.go:10:13:10:32 | struct literal | exprs.go:10:2:10:8 | assignment to struct1 | | exprs.go:11:2:11:8 | assignment to struct2 | exprs.go:15:2:15:8 | skip | -| exprs.go:11:2:11:8 | skip | exprs.go:11:13:14:21 | composite literal | -| exprs.go:11:13:14:21 | composite literal | exprs.go:14:4:14:4 | k | +| exprs.go:11:2:11:8 | skip | exprs.go:11:13:14:21 | struct literal | +| exprs.go:11:13:14:21 | struct literal | exprs.go:14:4:14:4 | k | | exprs.go:14:4:14:4 | init of k | exprs.go:14:7:14:8 | fn | | exprs.go:14:4:14:4 | k | exprs.go:14:4:14:4 | init of k | | exprs.go:14:7:14:8 | fn | exprs.go:14:10:14:10 | i | @@ -93,8 +93,8 @@ | exprs.go:14:13:14:13 | j | exprs.go:14:16:14:19 | .../... | | exprs.go:14:16:14:19 | .../... | exprs.go:14:7:14:20 | call to fn | | exprs.go:15:2:15:8 | assignment to struct3 | exprs.go:16:2:16:5 | skip | -| exprs.go:15:2:15:8 | skip | exprs.go:15:13:15:58 | composite literal | -| exprs.go:15:13:15:58 | composite literal | exprs.go:15:35:15:41 | struct1 | +| exprs.go:15:2:15:8 | skip | exprs.go:15:13:15:58 | struct literal | +| exprs.go:15:13:15:58 | struct literal | exprs.go:15:35:15:41 | struct1 | | exprs.go:15:32:15:43 | init of key-value pair | exprs.go:15:49:15:55 | struct2 | | exprs.go:15:35:15:41 | struct1 | exprs.go:15:35:15:43 | selection of x | | exprs.go:15:35:15:43 | selection of x | exprs.go:15:32:15:43 | init of key-value pair | 
@@ -131,8 +131,8 @@ | exprs.go:18:21:18:21 | init of s | exprs.go:18:2:18:4 | assignment to slc | | exprs.go:18:21:18:21 | s | exprs.go:18:21:18:21 | init of s | | exprs.go:19:2:19:3 | assignment to mp | exprs.go:20:2:20:5 | skip | -| exprs.go:19:2:19:3 | skip | exprs.go:19:8:19:38 | composite literal | -| exprs.go:19:8:19:38 | composite literal | exprs.go:19:23:19:25 | slc | +| exprs.go:19:2:19:3 | skip | exprs.go:19:8:19:38 | map literal | +| exprs.go:19:8:19:38 | map literal | exprs.go:19:23:19:25 | slc | | exprs.go:19:23:19:25 | slc | exprs.go:19:27:19:27 | 0 | | exprs.go:19:23:19:28 | index expression | exprs.go:19:31:19:34 | arr2 | | exprs.go:19:23:19:28 | index expression | exprs.go:26:1:26:1 | exit | @@ -174,7 +174,7 @@ | exprs.go:23:10:23:17 | slice expression | exprs.go:23:2:23:5 | assignment to slc5 | | exprs.go:23:10:23:17 | slice expression | exprs.go:26:1:26:1 | exit | | exprs.go:23:15:23:15 | 0 | exprs.go:23:10:23:17 | len | -| exprs.go:24:2:24:5 | assignment to slc6 | exprs.go:25:9:25:34 | composite literal | +| exprs.go:24:2:24:5 | assignment to slc6 | exprs.go:25:9:25:34 | struct literal | | exprs.go:24:2:24:5 | skip | exprs.go:24:10:24:13 | slc5 | | exprs.go:24:10:24:13 | slc5 | exprs.go:24:10:24:17 | 0 | | exprs.go:24:10:24:17 | 0 | exprs.go:24:16:24:16 | 2 | @@ -183,7 +183,7 @@ | exprs.go:24:10:24:17 | slice expression | exprs.go:26:1:26:1 | exit | | exprs.go:24:16:24:16 | 2 | exprs.go:24:10:24:17 | cap | | exprs.go:25:2:25:34 | return statement | exprs.go:26:1:26:1 | exit | -| exprs.go:25:9:25:34 | composite literal | exprs.go:25:15:25:16 | mp | +| exprs.go:25:9:25:34 | struct literal | exprs.go:25:15:25:16 | mp | | exprs.go:25:15:25:16 | mp | exprs.go:25:18:25:18 | s | | exprs.go:25:15:25:19 | index expression | exprs.go:25:15:25:19 | init of index expression | | exprs.go:25:15:25:19 | index expression | exprs.go:26:1:26:1 | exit | 
diff --git a/ql/test/library-tests/semmle/go/dataflow/SSA/VarDefs.expected b/ql/test/library-tests/semmle/go/dataflow/SSA/VarDefs.expected index edc2e5cc22d..2cadf9f87ab 100644 --- a/ql/test/library-tests/semmle/go/dataflow/SSA/VarDefs.expected +++ b/ql/test/library-tests/semmle/go/dataflow/SSA/VarDefs.expected 
@@ -33,15 +33,15 @@ | main.go:96:2:96:2 | assignment to x | main.go:96:2:96:2 | x | main.go:96:7:96:7 | 0 | | main.go:98:3:98:3 | assignment to x | main.go:96:2:96:2 | x | main.go:98:7:98:7 | 1 | | main.go:110:6:110:6 | assignment to p | main.go:110:6:110:6 | p | main.go:110:6:110:6 | zero value for p | -| main.go:112:3:112:3 | assignment to p | main.go:110:6:110:6 | p | main.go:112:7:112:24 | composite literal | +| main.go:112:3:112:3 | assignment to p | main.go:110:6:110:6 | p | main.go:112:7:112:24 | struct literal | | main.go:112:9:112:9 | init of 2 | main.go:104:2:104:2 | a | main.go:112:9:112:9 | 2 | -| main.go:112:12:112:18 | init of composite literal | main.go:105:2:105:2 | b | main.go:112:12:112:18 | composite literal | +| main.go:112:12:112:18 | init of struct literal | main.go:105:2:105:2 | b | main.go:112:12:112:18 | struct literal | | main.go:112:14:112:14 | init of 1 | main.go:89:2:89:2 | a | main.go:112:14:112:14 | 1 | | main.go:112:17:112:17 | init of 5 | main.go:90:2:90:2 | b | main.go:112:17:112:17 | 5 | | main.go:112:21:112:23 | init of 'n' | main.go:106:2:106:2 | c | main.go:112:21:112:23 | 'n' | -| main.go:114:3:114:3 | assignment to p | main.go:110:6:110:6 | p | main.go:114:7:114:24 | composite literal | +| main.go:114:3:114:3 | assignment to p | main.go:110:6:110:6 | p | main.go:114:7:114:24 | struct literal | | main.go:114:9:114:9 | init of 3 | main.go:104:2:104:2 | a | main.go:114:9:114:9 | 3 | -| main.go:114:12:114:18 | init of composite literal | main.go:105:2:105:2 | b | main.go:114:12:114:18 | composite literal | +| main.go:114:12:114:18 | init of struct literal | main.go:105:2:105:2 | b | main.go:114:12:114:18 | struct literal | | main.go:114:14:114:14 | init of 4 | main.go:89:2:89:2 | a | main.go:114:14:114:14 | 4 | | main.go:114:17:114:17 | init of 5 | main.go:90:2:90:2 | b | main.go:114:17:114:17 | 5 | | main.go:114:21:114:23 | init of '2' | main.go:106:2:106:2 | c | main.go:114:21:114:23 | '2' | 
diff --git a/ql/test/query-tests/Security/CWE-089/SqlInjection.expected b/ql/test/query-tests/Security/CWE-089/SqlInjection.expected index 89f2978af2f..a0f97906eb2 100644 --- a/ql/test/query-tests/Security/CWE-089/SqlInjection.expected +++ b/ql/test/query-tests/Security/CWE-089/SqlInjection.expected @@ -8,9 +8,9 @@ edges | main.go:14:63:14:67 | selection of URL : pointer type | main.go:14:11:14:84 | call to Sprintf | | main.go:15:63:15:70 | selection of Header : Header | main.go:15:11:15:85 | call to Sprintf | | main.go:27:17:30:2 | &... [pointer, Category] | main.go:33:3:33:13 | RequestData [pointer, Category] | -| main.go:27:18:30:2 | composite literal [Category] : slice type | main.go:27:17:30:2 | &... [pointer, Category] | +| main.go:27:18:30:2 | struct literal [Category] : slice type | main.go:27:17:30:2 | &... [pointer, Category] | | main.go:29:13:29:19 | selection of URL : pointer type | main.go:29:13:29:39 | index expression : slice type | -| main.go:29:13:29:39 | index expression : slice type | main.go:27:18:30:2 | composite literal [Category] : slice type | +| main.go:29:13:29:39 | index expression : slice type | main.go:27:18:30:2 | struct literal [Category] : slice type | | main.go:33:3:33:13 | RequestData [pointer, Category] | main.go:33:3:33:13 | implicit dereference [Category] : slice type | | main.go:33:3:33:13 | implicit dereference [Category] : slice type | main.go:33:3:33:22 | selection of Category : slice type | | main.go:33:3:33:22 | selection of Category : slice type | main.go:34:11:34:11 | q | 
@@ -72,7 +72,7 @@ nodes | main.go:15:11:15:85 | call to Sprintf | semmle.label | call to Sprintf | | main.go:15:63:15:70 | selection of Header : Header | semmle.label | selection of Header : Header | | main.go:27:17:30:2 | &... [pointer, Category] | semmle.label | &... [pointer, Category] | -| main.go:27:18:30:2 | composite literal [Category] : slice type | semmle.label | composite literal [Category] : slice type | +| main.go:27:18:30:2 | struct literal [Category] : slice type | semmle.label | struct literal [Category] : slice type | | main.go:29:13:29:19 | selection of URL : pointer type | semmle.label | selection of URL : pointer type | | main.go:29:13:29:39 | index expression : slice type | semmle.label | index expression : slice type | | main.go:33:3:33:13 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] | diff --git a/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected b/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected index b84fd624a69..4fca314327d 100644 --- a/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected +++ b/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected 
@@ -2,21 +2,21 @@ edges | passwords.go:8:12:8:12 | definition of x : string | passwords.go:9:14:9:14 | x | | passwords.go:30:8:30:15 | password : string | passwords.go:8:12:8:12 | definition of x : string | | passwords.go:34:28:34:35 | password : string | passwords.go:34:14:34:35 | ...+... | -| passwords.go:36:10:38:2 | composite literal : passStruct | passwords.go:39:14:39:17 | obj1 | +| passwords.go:36:10:38:2 | struct literal : passStruct | passwords.go:39:14:39:17 | obj1 | | passwords.go:42:6:42:13 | password : string | passwords.go:44:14:44:17 | obj2 | | passwords.go:48:11:48:18 | password : string | passwords.go:47:14:47:17 | obj3 | -| passwords.go:85:19:87:2 | composite literal : passSetStruct | passwords.go:88:14:88:26 | utilityObject | +| passwords.go:85:19:87:2 | struct literal : passSetStruct | passwords.go:88:14:88:26 | utilityObject | | passwords.go:90:12:90:19 | password : string | passwords.go:91:23:91:28 | secret | | passwords.go:101:33:101:40 | password : string | passwords.go:101:15:101:40 | ...+... | | passwords.go:107:34:107:41 | password : string | passwords.go:107:16:107:41 | ...+... | | passwords.go:112:33:112:40 | password : string | passwords.go:112:15:112:40 | ...+... | | passwords.go:116:28:116:36 | password1 : stringable | passwords.go:116:14:116:45 | ...+... 
| -| passwords.go:118:12:123:2 | composite literal : Config | passwords.go:125:14:125:19 | config | -| passwords.go:118:12:123:2 | composite literal [x] : string | passwords.go:126:14:126:19 | config [x] : string | -| passwords.go:118:12:123:2 | composite literal [y] : string | passwords.go:127:14:127:19 | config [y] : string | -| passwords.go:121:13:121:20 | password : string | passwords.go:118:12:123:2 | composite literal [x] : string | +| passwords.go:118:12:123:2 | struct literal : Config | passwords.go:125:14:125:19 | config | +| passwords.go:118:12:123:2 | struct literal [x] : string | passwords.go:126:14:126:19 | config [x] : string | +| passwords.go:118:12:123:2 | struct literal [y] : string | passwords.go:127:14:127:19 | config [y] : string | +| passwords.go:121:13:121:20 | password : string | passwords.go:118:12:123:2 | struct literal [x] : string | | passwords.go:121:13:121:20 | password : string | passwords.go:125:14:125:19 | config | -| passwords.go:122:13:122:25 | call to getPassword : string | passwords.go:118:12:123:2 | composite literal [y] : string | +| passwords.go:122:13:122:25 | call to getPassword : string | passwords.go:118:12:123:2 | struct literal [y] : string | | passwords.go:122:13:122:25 | call to getPassword : string | passwords.go:125:14:125:19 | config | | passwords.go:126:14:126:19 | config [x] : string | passwords.go:126:14:126:21 | selection of x | | passwords.go:127:14:127:19 | config [y] : string | passwords.go:127:14:127:21 | selection of y | 
@@ -33,14 +33,14 @@ nodes | passwords.go:32:12:32:19 | password | semmle.label | password | | passwords.go:34:14:34:35 | ...+... | semmle.label | ...+... | | passwords.go:34:28:34:35 | password : string | semmle.label | password : string | -| passwords.go:36:10:38:2 | composite literal : passStruct | semmle.label | composite literal : passStruct | +| passwords.go:36:10:38:2 | struct literal : passStruct | semmle.label | struct literal : passStruct | | passwords.go:39:14:39:17 | obj1 | semmle.label | obj1 | | passwords.go:42:6:42:13 | password : string | semmle.label | password : string | | passwords.go:44:14:44:17 | obj2 | semmle.label | obj2 | | passwords.go:47:14:47:17 | obj3 | semmle.label | obj3 | | passwords.go:48:11:48:18 | password : string | semmle.label | password : string | | passwords.go:51:14:51:27 | fixed_password | semmle.label | fixed_password | -| passwords.go:85:19:87:2 | composite literal : passSetStruct | semmle.label | composite literal : passSetStruct | +| passwords.go:85:19:87:2 | struct literal : passSetStruct | semmle.label | struct literal : passSetStruct | | passwords.go:88:14:88:26 | utilityObject | semmle.label | utilityObject | | passwords.go:90:12:90:19 | password : string | semmle.label | password : string | | passwords.go:91:23:91:28 | secret | semmle.label | secret | 
@@ -52,9 +52,9 @@ nodes | passwords.go:112:33:112:40 | password : string | semmle.label | password : string | | passwords.go:116:14:116:45 | ...+... | semmle.label | ...+... | | passwords.go:116:28:116:36 | password1 : stringable | semmle.label | password1 : stringable | -| passwords.go:118:12:123:2 | composite literal : Config | semmle.label | composite literal : Config | -| passwords.go:118:12:123:2 | composite literal [x] : string | semmle.label | composite literal [x] : string | -| passwords.go:118:12:123:2 | composite literal [y] : string | semmle.label | composite literal [y] : string | +| passwords.go:118:12:123:2 | struct literal : Config | semmle.label | struct literal : Config | +| passwords.go:118:12:123:2 | struct literal [x] : string | semmle.label | struct literal [x] : string | +| passwords.go:118:12:123:2 | struct literal [y] : string | semmle.label | struct literal [y] : string | | passwords.go:121:13:121:20 | password : string | semmle.label | password : string | | passwords.go:122:13:122:25 | call to getPassword : string | semmle.label | call to getPassword : string | | passwords.go:125:14:125:19 | config | semmle.label | config | 
@@ -73,17 +73,17 @@ nodes | passwords.go:28:14:28:28 | call to getPassword | util.go:16:9:16:18 | selection of password : string | passwords.go:28:14:28:28 | call to getPassword | Sensitive data returned by $@ is logged here. | util.go:16:9:16:18 | selection of password | an access to password | | passwords.go:32:12:32:19 | password | passwords.go:32:12:32:19 | password | passwords.go:32:12:32:19 | password | Sensitive data returned by $@ is logged here. | passwords.go:32:12:32:19 | password | an access to password | | passwords.go:34:14:34:35 | ...+... | passwords.go:34:28:34:35 | password : string | passwords.go:34:14:34:35 | ...+... | Sensitive data returned by $@ is logged here. | passwords.go:34:28:34:35 | password | an access to password | -| passwords.go:39:14:39:17 | obj1 | passwords.go:36:10:38:2 | composite literal : passStruct | passwords.go:39:14:39:17 | obj1 | Sensitive data returned by $@ is logged here. | passwords.go:36:10:38:2 | composite literal | an access to password | +| passwords.go:39:14:39:17 | obj1 | passwords.go:36:10:38:2 | struct literal : passStruct | passwords.go:39:14:39:17 | obj1 | Sensitive data returned by $@ is logged here. | passwords.go:36:10:38:2 | struct literal | an access to password | | passwords.go:44:14:44:17 | obj2 | passwords.go:42:6:42:13 | password : string | passwords.go:44:14:44:17 | obj2 | Sensitive data returned by $@ is logged here. | passwords.go:42:6:42:13 | password | an access to password | | passwords.go:47:14:47:17 | obj3 | passwords.go:48:11:48:18 | password : string | passwords.go:47:14:47:17 | obj3 | Sensitive data returned by $@ is logged here. | passwords.go:48:11:48:18 | password | an access to password | | passwords.go:51:14:51:27 | fixed_password | passwords.go:51:14:51:27 | fixed_password | passwords.go:51:14:51:27 | fixed_password | Sensitive data returned by $@ is logged here. 
| passwords.go:51:14:51:27 | fixed_password | an access to fixed_password | -| passwords.go:88:14:88:26 | utilityObject | passwords.go:85:19:87:2 | composite literal : passSetStruct | passwords.go:88:14:88:26 | utilityObject | Sensitive data returned by $@ is logged here. | passwords.go:85:19:87:2 | composite literal | an access to passwordSet | +| passwords.go:88:14:88:26 | utilityObject | passwords.go:85:19:87:2 | struct literal : passSetStruct | passwords.go:88:14:88:26 | utilityObject | Sensitive data returned by $@ is logged here. | passwords.go:85:19:87:2 | struct literal | an access to passwordSet | | passwords.go:91:23:91:28 | secret | passwords.go:90:12:90:19 | password : string | passwords.go:91:23:91:28 | secret | Sensitive data returned by $@ is logged here. | passwords.go:90:12:90:19 | password | an access to password | | passwords.go:101:15:101:40 | ...+... | passwords.go:101:33:101:40 | password : string | passwords.go:101:15:101:40 | ...+... | Sensitive data returned by $@ is logged here. | passwords.go:101:33:101:40 | password | an access to password | | passwords.go:107:16:107:41 | ...+... | passwords.go:107:34:107:41 | password : string | passwords.go:107:16:107:41 | ...+... | Sensitive data returned by $@ is logged here. | passwords.go:107:34:107:41 | password | an access to password | | passwords.go:112:15:112:40 | ...+... | passwords.go:112:33:112:40 | password : string | passwords.go:112:15:112:40 | ...+... | Sensitive data returned by $@ is logged here. | passwords.go:112:33:112:40 | password | an access to password | | passwords.go:116:14:116:45 | ...+... | passwords.go:116:28:116:36 | password1 : stringable | passwords.go:116:14:116:45 | ...+... | Sensitive data returned by $@ is logged here. | passwords.go:116:28:116:36 | password1 | an access to password1 | -| passwords.go:125:14:125:19 | config | passwords.go:118:12:123:2 | composite literal : Config | passwords.go:125:14:125:19 | config | Sensitive data returned by $@ is logged here. 
| passwords.go:118:12:123:2 | composite literal | an access to password | +| passwords.go:125:14:125:19 | config | passwords.go:118:12:123:2 | struct literal : Config | passwords.go:125:14:125:19 | config | Sensitive data returned by $@ is logged here. | passwords.go:118:12:123:2 | struct literal | an access to password | | passwords.go:125:14:125:19 | config | passwords.go:121:13:121:20 | password : string | passwords.go:125:14:125:19 | config | Sensitive data returned by $@ is logged here. | passwords.go:121:13:121:20 | password | an access to password | | passwords.go:125:14:125:19 | config | passwords.go:122:13:122:25 | call to getPassword : string | passwords.go:125:14:125:19 | config | Sensitive data returned by $@ is logged here. | passwords.go:122:13:122:25 | call to getPassword | a call to getPassword | | passwords.go:126:14:126:21 | selection of x | passwords.go:121:13:121:20 | password : string | passwords.go:126:14:126:21 | selection of x | Sensitive data returned by $@ is logged here. | passwords.go:121:13:121:20 | password | an access to password |
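Review bot: The two toString overrides added to MapLit and StructLit in ql/src/semmle/go/Expr.qll change text that reaches query output, not only library-test output, and the patch carries no change note for that. The updated SqlInjection.expected and CleartextLogging.expected show the new strings in the semmle.label column of path nodes and in the element column of alert rows, but the diffstat lists only Expr.qll and five .expected files. Please add a change note saying that these nodes now print as "map literal" or "struct literal" instead of "composite literal", so that anyone diffing stored results or matching on node labels across versions can account for the difference.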
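Review bot: The only hunk in ql/test/library-tests/semmle/go/Expr/CompositeLit.expected (@@ -1,9 +1,9 @@) rewrites map rows, and no row in that file changes to "struct literal", so the dedicated literal test does not pin the new StructLit string. It is covered only indirectly, through ControlFlowNode_getASuccessor.expected, VarDefs.expected and the two Security query tests, where a regression would be harder to attribute to this change. Consider adding a struct literal to literals.go so that CompositeLit.expected checks the string directly alongside the map and slice cases.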