Merge branch 'main' into python-UBV

python/ql/test/experimental/dataflow/TestUtil/DataFlowConsistency.qll

@@ -39,4 +39,8 @@ private class MyConsistencyConfiguration extends ConsistencyConfiguration {
   override predicate uniqueCallEnclosingCallableExclude(DataFlowCall call) {
     not exists(call.getLocation().getFile().getRelativePath())
   }
+
+  override predicate identityLocalStepExclude(Node n) {
+    not exists(n.getLocation().getFile().getRelativePath())
+  }
 }

python/ql/test/experimental/dataflow/basic/callGraph.ql

@@ -1,5 +1,8 @@
 import experimental.dataflow.callGraphConfig
 
 from DataFlow::Node source, DataFlow::Node sink
-where exists(CallGraphConfig cfg | cfg.hasFlow(source, sink))
+where
+  exists(CallGraphConfig cfg | cfg.hasFlow(source, sink)) and
+  exists(source.getLocation().getFile().getRelativePath()) and
+  exists(sink.getLocation().getFile().getRelativePath())
 select source, sink

python/ql/test/experimental/dataflow/basic/callGraphSinks.expected

@@ -1,5 +1,3 @@
-| file://:0:0:0:0 | parameter position 0 of builtins.reversed |
-| file://:0:0:0:0 | parameter position 1 of dict.setdefault |
 | test.py:1:1:1:21 | SynthDictSplatParameterNode |
 | test.py:1:19:1:19 | ControlFlowNode for x |
 | test.py:7:5:7:20 | ControlFlowNode for obfuscated_id() |

python/ql/test/experimental/dataflow/basic/callGraphSinks.ql

@@ -1,5 +1,7 @@
 import experimental.dataflow.callGraphConfig
 
 from DataFlow::Node sink
-where exists(CallGraphConfig cfg | cfg.isSink(sink))
+where
+  exists(CallGraphConfig cfg | cfg.isSink(sink)) and
+  exists(sink.getLocation().getFile().getRelativePath())
 select sink

python/ql/test/experimental/dataflow/basic/callGraphSources.expected

@@ -1,4 +1,2 @@
-| file://:0:0:0:0 | [summary] to write: return (return) in builtins.reversed |
-| file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault |
 | test.py:4:10:4:10 | ControlFlowNode for z |
 | test.py:7:19:7:19 | ControlFlowNode for a |

python/ql/test/experimental/dataflow/basic/callGraphSources.ql

@@ -1,5 +1,7 @@
 import experimental.dataflow.callGraphConfig
 
 from DataFlow::Node source
-where exists(CallGraphConfig cfg | cfg.isSource(source))
+where
+  exists(CallGraphConfig cfg | cfg.isSource(source)) and
+  exists(source.getLocation().getFile().getRelativePath())
 select source

python/ql/test/experimental/dataflow/basic/dataflow-consistency.expected

@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep

python/ql/test/experimental/dataflow/basic/global.expected

@@ -1,5 +1,3 @@
-| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed |
-| file://:0:0:0:0 | parameter position 1 of dict.setdefault | file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault |
 | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id |
 | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
 | test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |

python/ql/test/experimental/dataflow/basic/global.ql

@@ -3,5 +3,7 @@ import allFlowsConfig
 from DataFlow::Node source, DataFlow::Node sink
 where
   source != sink and
-  exists(AllFlowsConfig cfg | cfg.hasFlow(source, sink))
+  exists(AllFlowsConfig cfg | cfg.hasFlow(source, sink)) and
+  exists(source.getLocation().getFile().getRelativePath()) and
+  exists(sink.getLocation().getFile().getRelativePath())
 select source, sink

python/ql/test/experimental/dataflow/basic/globalStep.expected

@@ -1,5 +1,3 @@
-| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed |
-| file://:0:0:0:0 | parameter position 1 of dict.setdefault | file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault |
 | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id |
 | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id |
 | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |

python/ql/test/experimental/dataflow/basic/globalStep.ql

@@ -1,5 +1,8 @@
 import allFlowsConfig
 
 from DataFlow::PathNode fromNode, DataFlow::PathNode toNode
-where toNode = fromNode.getASuccessor()
+where
+  toNode = fromNode.getASuccessor() and
+  exists(fromNode.getNode().getLocation().getFile().getRelativePath()) and
+  exists(toNode.getNode().getLocation().getFile().getRelativePath())
 select fromNode, toNode

python/ql/test/experimental/dataflow/basic/local.expected

@@ -1,11 +1,3 @@
-| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed | file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed |
-| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed |
-| file://:0:0:0:0 | [summary] to write: return (return) in builtins.reversed | file://:0:0:0:0 | [summary] to write: return (return) in builtins.reversed |
-| file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault | file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault |
-| file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed |
-| file://:0:0:0:0 | parameter position 0 of builtins.reversed | file://:0:0:0:0 | parameter position 0 of builtins.reversed |
-| file://:0:0:0:0 | parameter position 1 of dict.setdefault | file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault |
-| file://:0:0:0:0 | parameter position 1 of dict.setdefault | file://:0:0:0:0 | parameter position 1 of dict.setdefault |
 | test.py:0:0:0:0 | GSSA Variable __name__ | test.py:0:0:0:0 | GSSA Variable __name__ |
 | test.py:0:0:0:0 | GSSA Variable __package__ | test.py:0:0:0:0 | GSSA Variable __package__ |
 | test.py:0:0:0:0 | GSSA Variable b | test.py:0:0:0:0 | GSSA Variable b |

python/ql/test/experimental/dataflow/basic/local.ql

@@ -1,5 +1,8 @@
 import semmle.python.dataflow.new.DataFlow
 
 from DataFlow::Node fromNode, DataFlow::Node toNode
-where DataFlow::localFlow(fromNode, toNode)
+where
+  DataFlow::localFlow(fromNode, toNode) and
+  exists(fromNode.getLocation().getFile().getRelativePath()) and
+  exists(toNode.getLocation().getFile().getRelativePath())
 select fromNode, toNode

python/ql/test/experimental/dataflow/basic/localStep.expected

@@ -1,5 +1,3 @@
-| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed |
-| file://:0:0:0:0 | parameter position 1 of dict.setdefault | file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault |
 | test.py:1:1:1:21 | ControlFlowNode for FunctionExpr | test.py:1:5:1:17 | GSSA Variable obfuscated_id |
 | test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:5:7:17 | ControlFlowNode for obfuscated_id |
 | test.py:1:19:1:19 | ControlFlowNode for x | test.py:1:19:1:19 | SSA variable x |

python/ql/test/experimental/dataflow/basic/localStep.ql

@@ -1,5 +1,8 @@
 import semmle.python.dataflow.new.DataFlow
 
 from DataFlow::Node fromNode, DataFlow::Node toNode
-where DataFlow::localFlowStep(fromNode, toNode)
+where
+  DataFlow::localFlowStep(fromNode, toNode) and
+  exists(fromNode.getLocation().getFile().getRelativePath()) and
+  exists(toNode.getLocation().getFile().getRelativePath())
 select fromNode, toNode

python/ql/test/experimental/dataflow/basic/maximalFlows.expected

@@ -1,4 +1,3 @@
-| file://:0:0:0:0 | parameter position 1 of dict.setdefault | file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault |
 | test.py:1:19:1:19 | ControlFlowNode for x | test.py:4:10:4:10 | ControlFlowNode for z |
 | test.py:1:19:1:19 | ControlFlowNode for x | test.py:7:1:7:1 | GSSA Variable b |
 | test.py:1:19:1:19 | SSA variable x | test.py:4:10:4:10 | ControlFlowNode for z |

python/ql/test/experimental/dataflow/basic/maximalFlows.ql

@@ -3,5 +3,7 @@ import maximalFlowsConfig
 from DataFlow::Node source, DataFlow::Node sink
 where
   source != sink and
-  exists(MaximalFlowsConfig cfg | cfg.hasFlow(source, sink))
+  exists(MaximalFlowsConfig cfg | cfg.hasFlow(source, sink)) and
+  exists(source.getLocation().getFile().getRelativePath()) and
+  exists(sink.getLocation().getFile().getRelativePath())
 select source, sink

python/ql/test/experimental/dataflow/basic/sinks.expected

@@ -1,9 +1,3 @@
-| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed |
-| file://:0:0:0:0 | [summary] to write: return (return) in builtins.reversed |
-| file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault |
-| file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed |
-| file://:0:0:0:0 | parameter position 0 of builtins.reversed |
-| file://:0:0:0:0 | parameter position 1 of dict.setdefault |
 | test.py:0:0:0:0 | GSSA Variable __name__ |
 | test.py:0:0:0:0 | GSSA Variable __package__ |
 | test.py:0:0:0:0 | GSSA Variable b |

python/ql/test/experimental/dataflow/basic/sinks.ql

@@ -1,5 +1,7 @@
 import allFlowsConfig
 
 from DataFlow::Node sink
-where exists(AllFlowsConfig cfg | cfg.isSink(sink))
+where
+  exists(AllFlowsConfig cfg | cfg.isSink(sink)) and
+  exists(sink.getLocation().getFile().getRelativePath())
 select sink

python/ql/test/experimental/dataflow/basic/sources.expected

@@ -1,9 +1,3 @@
-| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed |
-| file://:0:0:0:0 | [summary] to write: return (return) in builtins.reversed |
-| file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault |
-| file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed |
-| file://:0:0:0:0 | parameter position 0 of builtins.reversed |
-| file://:0:0:0:0 | parameter position 1 of dict.setdefault |
 | test.py:0:0:0:0 | GSSA Variable __name__ |
 | test.py:0:0:0:0 | GSSA Variable __package__ |
 | test.py:0:0:0:0 | GSSA Variable b |

python/ql/test/experimental/dataflow/basic/sources.ql

@@ -1,5 +1,7 @@
 import allFlowsConfig
 
 from DataFlow::Node source
-where exists(AllFlowsConfig cfg | cfg.isSource(source))
+where
+  exists(AllFlowsConfig cfg | cfg.isSource(source)) and
+  exists(source.getLocation().getFile().getRelativePath())
 select source

python/ql/test/experimental/dataflow/callgraph_crosstalk/dataflow-consistency.expected

@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep

python/ql/test/experimental/dataflow/calls/dataflow-consistency.expected

@@ -27,3 +27,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep

python/ql/test/experimental/dataflow/consistency/dataflow-consistency.expected

@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep

python/ql/test/experimental/dataflow/coverage/dataflow-consistency.expected

@@ -25,3 +25,17 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
+| datamodel.py:84:15:84:15 | ControlFlowNode for x | Node steps to itself |
+| datamodel.py:166:11:166:11 | ControlFlowNode for x | Node steps to itself |
+| test.py:103:10:103:15 | ControlFlowNode for SOURCE | Node steps to itself |
+| test.py:130:10:130:15 | ControlFlowNode for SOURCE | Node steps to itself |
+| test.py:162:13:162:18 | ControlFlowNode for SOURCE | Node steps to itself |
+| test.py:167:13:167:18 | ControlFlowNode for SOURCE | Node steps to itself |
+| test.py:216:10:216:15 | ControlFlowNode for SOURCE | Node steps to itself |
+| test.py:242:9:242:12 | ControlFlowNode for SINK | Node steps to itself |
+| test.py:669:9:669:12 | ControlFlowNode for SINK | Node steps to itself |
+| test.py:670:9:670:14 | ControlFlowNode for SINK_F | Node steps to itself |
+| test.py:678:9:678:12 | ControlFlowNode for SINK | Node steps to itself |
+| test.py:686:9:686:12 | ControlFlowNode for SINK | Node steps to itself |
+| test.py:692:5:692:8 | ControlFlowNode for SINK | Node steps to itself |

python/ql/test/experimental/dataflow/coverage/test.py

@@ -726,15 +726,15 @@ def test_deep_callgraph():
         return f5(arg)
 
     x = f6(SOURCE)
-    SINK(x) #$ MISSING:flow="SOURCE, l:-1 -> x"
+    SINK(x) #$ flow="SOURCE, l:-1 -> x"
     x = f5(SOURCE)
-    SINK(x) #$ MISSING:flow="SOURCE, l:-1 -> x"
+    SINK(x) #$ flow="SOURCE, l:-1 -> x"
     x = f4(SOURCE)
-    SINK(x) #$ MISSING:flow="SOURCE, l:-1 -> x"
+    SINK(x) #$ flow="SOURCE, l:-1 -> x"
     x = f3(SOURCE)
-    SINK(x) #$ MISSING:flow="SOURCE, l:-1 -> x"
+    SINK(x) #$ flow="SOURCE, l:-1 -> x"
     x = f2(SOURCE)
-    SINK(x) #$ MISSING:flow="SOURCE, l:-1 -> x"
+    SINK(x) #$ flow="SOURCE, l:-1 -> x"
     x = f1(SOURCE)
     SINK(x) #$ flow="SOURCE, l:-1 -> x"
 

python/ql/test/experimental/dataflow/coverage/test_builtins.py

@@ -0,0 +1,357 @@
+# This tests some of the common built-in functions and methods.
+# We need a decent model of data flow through these in order to
+# analyse most programs.
+#
+# All functions starting with "test_" should run and execute `print("OK")` exactly once.
+# This can be checked by running validTest.py.
+
+import sys
+import os
+
+sys.path.append(os.path.dirname(os.path.dirname((__file__))))
+from testlib import expects
+
+# These are defined so that we can evaluate the test code.
+NONSOURCE = "not a source"
+SOURCE = "source"
+
+def is_source(x):
+    return x == "source" or x == b"source" or x == 42 or x == 42.0 or x == 42j
+
+def SINK(x):
+    if is_source(x):
+        print("OK")
+    else:
+        print("Unexpected flow", x)
+
+def SINK_F(x):
+    if is_source(x):
+        print("Unexpected flow", x)
+    else:
+        print("OK")
+
+
+# Actual tests
+
+## Container constructors
+
+### List
+
+@expects(2)
+def test_list_from_list():
+    l1 = [SOURCE, NONSOURCE]
+    l2 = list(l1)
+    SINK(l2[0]) #$ flow="SOURCE, l:-2 -> l2[0]"
+    SINK_F(l2[1]) #$ SPURIOUS: flow="SOURCE, l:-3 -> l2[1]"
+
+# -- skip list_from_string
+
+@expects(2)
+def test_list_from_tuple():
+    t = (SOURCE, NONSOURCE)
+    l = list(t)
+    SINK(l[0]) #$ flow="SOURCE, l:-2 -> l[0]"
+    SINK_F(l[1]) #$ SPURIOUS: flow="SOURCE, l:-3 -> l[1]"
+
+def test_list_from_set():
+    s = {SOURCE}
+    l = list(s)
+    SINK(l[0]) #$ flow="SOURCE, l:-2 -> l[0]"
+    
+@expects(2)
+def test_list_from_dict():
+    d = {SOURCE: 'v', NONSOURCE: 'v2'}
+    l = list(d)
+    SINK(l[0]) #$ MISSING: flow="SOURCE, l:-2 -> l[0]"
+    SINK_F(l[1]) # expecting FP due to imprecise flow
+
+### Tuple
+
+@expects(2)
+def test_tuple_from_list():
+    l = [SOURCE, NONSOURCE]
+    t = tuple(l)
+    SINK(t[0]) #$ MISSING: flow="SOURCE, l:-2 -> t[0]"
+    SINK_F(t[1])
+
+@expects(2)
+def test_tuple_from_tuple():
+    t0 = (SOURCE, NONSOURCE)
+    t = tuple(t0)
+    SINK(t[0]) #$ flow="SOURCE, l:-2 -> t[0]"
+    SINK_F(t[1])
+
+def test_tuple_from_set():
+    s = {SOURCE}
+    t = tuple(s)
+    SINK(t[0]) #$ MISSING: flow="SOURCE, l:-2 -> t[0]"
+
+@expects(2)
+def test_tuple_from_dict():
+    d = {SOURCE: "v1", NONSOURCE: "v2"}
+    t = tuple(d)
+    SINK(t[0]) #$ MISSING: flow="SOURCE, l:-2 -> t[0]"
+    SINK_F(t[1])
+
+
+### Set
+
+def test_set_from_list():
+    l = [SOURCE]
+    s = set(l)
+    v = s.pop()
+    SINK(v) #$ flow="SOURCE, l:-3 -> v"
+
+def test_set_from_tuple():
+    t = (SOURCE,)
+    s = set(t)
+    v = s.pop()
+    SINK(v) #$ flow="SOURCE, l:-3 -> v"
+
+def test_set_from_set():
+    s0 = {SOURCE}
+    s = set(s0)
+    v = s.pop()
+    SINK(v) #$ flow="SOURCE, l:-3 -> v"
+
+def test_set_from_dict():
+    d = {SOURCE: "val"}
+    s = set(d)
+    v = s.pop()
+    SINK(v) #$ MISSING: flow="SOURCE, l:-3 -> v"
+
+
+### Dict
+
+@expects(2)
+def test_dict_from_keyword():
+    d = dict(k = SOURCE, k1 = NONSOURCE)
+    SINK(d["k"]) #$ flow="SOURCE, l:-1 -> d['k']"
+    SINK_F(d["k1"])
+
+@expects(2)
+def test_dict_from_list():
+    d = dict([("k", SOURCE), ("k1", NONSOURCE)])
+    SINK(d["k"]) #$ MISSING: flow="SOURCE, l:-1 -> d[k]"
+    SINK_F(d["k1"])
+
+@expects(2)
+def test_dict_from_dict():
+    d1 = {'k': SOURCE, 'k1': NONSOURCE}
+    d2 = dict(d1)
+    SINK(d2["k"]) #$ flow="SOURCE, l:-2 -> d2['k']"
+    SINK_F(d2["k1"])
+
+## Container methods
+
+### List
+
+def test_list_pop():
+    l = [SOURCE]
+    v = l.pop()
+    SINK(v) #$ flow="SOURCE, l:-2 -> v"
+
+def test_list_pop_index():
+    l = [SOURCE]
+    v = l.pop(0)
+    SINK(v) #$ MISSING: flow="SOURCE, l:-2 -> v"
+
+def test_list_pop_index_imprecise():
+    l = [SOURCE, NONSOURCE]
+    v = l.pop(1)
+    SINK_F(v)
+
+@expects(2)
+def test_list_copy():
+    l0 = [SOURCE, NONSOURCE]
+    l = l0.copy()
+    SINK(l[0]) #$ MISSING: flow="SOURCE, l:-2 -> l[0]"
+    SINK_F(l[1])
+
+def test_list_append():
+    l = [NONSOURCE]
+    l.append(SOURCE)
+    SINK(l[1]) #$ MISSING: flow="SOURCE, l:-1 -> l[1]"
+
+### Set
+
+def test_set_pop():
+    s = {SOURCE}
+    v = s.pop()
+    SINK(v) #$ flow="SOURCE, l:-2 -> v"
+
+def test_set_copy():
+    s0 = {SOURCE}
+    s = s0.copy()
+    SINK(s.pop()) #$ MISSING: flow="SOURCE, l:-2 -> s.pop()"
+
+def test_set_add():
+    s = set([])
+    s.add(SOURCE)
+    SINK(s.pop()) #$ MISSING: flow="SOURCE, l:-2 -> s.pop()"
+
+### Dict
+
+def test_dict_keys():
+    d = {SOURCE: "value"}
+    keys = d.keys()
+    key_list = list(keys)
+    SINK(key_list[0]) #$ MISSING: flow="SOURCE, l:-3 -> key_list[0]"
+
+def test_dict_values():
+    d = {'k': SOURCE}
+    vals = d.values()
+    val_list = list(vals)
+    SINK(val_list[0]) #$ MISSING: flow="SOURCE, l:-3 -> val_list[0]"
+
+@expects(4)
+def test_dict_items():
+    d = {'k': SOURCE, SOURCE: "value"}
+    items = d.items()
+    item_list = list(items)
+    SINK_F(item_list[0][0]) # expecting FP due to imprecise flow
+    SINK(item_list[0][1]) #$ MISSING: flow="SOURCE, l:-4 -> item_list[0][1]"
+    SINK(item_list[1][0]) #$ MISSING: flow="SOURCE, l:-5 -> item_list[1][0]"
+    SINK_F(item_list[1][1]) # expecting FP due to imprecise flow
+
+@expects(3)
+def test_dict_pop():
+    d = {'k': SOURCE}
+    v = d.pop("k")
+    SINK(v) #$ flow="SOURCE, l:-2 -> v"
+    v1 = d.pop("k", NONSOURCE)
+    SINK_F(v1) #$ SPURIOUS: flow="SOURCE, l:-4 -> v1"
+    v2 = d.pop("non-existing", SOURCE)
+    SINK(v2) #$ MISSING: flow="SOURCE, l:-1 -> v2"
+
+@expects(2)
+def test_dict_get():
+    d = {'k': SOURCE}
+    v = d.get("k")
+    SINK(v) #$ flow="SOURCE, l:-2 -> v"
+    v1 = d.get("non-existing", SOURCE)
+    SINK(v1) #$ MISSING: flow="SOURCE, l:-1 -> v1"
+
+@expects(2)
+def test_dict_popitem():
+    d = {'k': SOURCE}
+    t = d.popitem() # could be any pair (before 3.7), but we only have one
+    SINK_F(t[0])
+    SINK(t[1]) #$ MISSING: flow="SOURCE, l:-3 -> t[1]"
+
+@expects(2)
+def test_dict_copy():
+    d = {'k': SOURCE, 'k1': NONSOURCE}
+    d1 = d.copy()
+    SINK(d1["k"]) #$ MISSING: flow="SOURCE, l:-2 -> d[k]"
+    SINK_F(d1["k1"])
+
+
+## Functions on containers
+
+### sorted
+
+def test_sorted_list():
+    l0 = [SOURCE]
+    l = sorted(l0)
+    SINK(l[0]) #$ MISSING: flow="SOURCE, l:-2 -> l[0]"
+
+def test_sorted_tuple():
+    t = (SOURCE,)
+    l = sorted(t)
+    SINK(l[0]) #$ MISSING: flow="SOURCE, l:-2 -> l[0]"
+
+def test_sorted_set():
+    s = {SOURCE}
+    l = sorted(s)
+    SINK(l[0]) #$ MISSING: flow="SOURCE, l:-2 -> l[0]"
+
+def test_sorted_dict():
+    d = {SOURCE: "val"}
+    l = sorted(d)
+    SINK(l[0]) #$ MISSING: flow="SOURCE, l:-2 -> l[0]"
+
+### reversed
+
+@expects(2)
+def test_reversed_list():
+    l0 = [SOURCE, NONSOURCE]
+    r = reversed(l0)
+    l = list(r)
+    SINK_F(l[0]) #$ SPURIOUS: flow="SOURCE, l:-3 -> l[0]"
+    SINK(l[1]) #$ flow="SOURCE, l:-4 -> l[1]"
+
+@expects(2)
+def test_reversed_tuple():
+    t = (SOURCE, NONSOURCE)
+    r = reversed(t)
+    l = list(r)
+    SINK_F(l[0])
+    SINK(l[1]) #$ MISSING: flow="SOURCE, l:-4 -> l[1]"
+
+@expects(2)
+def test_reversed_dict():
+    d = {SOURCE: "v1", NONSOURCE: "v2"}
+    r = reversed(d)
+    l = list(r)
+    SINK_F(l[0])
+    SINK(l[1]) #$ MISSING: flow="SOURCE, l:-4 -> l[1]"
+
+### iter
+
+def test_iter_list():
+    l0 = [SOURCE]
+    i = iter(l0)
+    l = list(i)
+    SINK(l[0]) #$ MISSING: flow="SOURCE, l:-3 -> l[0]"
+
+def test_iter_tuple():
+    t = (SOURCE,)
+    i = iter(t)
+    l = list(i)
+    SINK(l[0]) #$ MISSING: flow="SOURCE, l:-3 -> l[0]"
+
+def test_iter_set():
+    t = {SOURCE}
+    i = iter(t)
+    l = list(i)
+    SINK(l[0]) #$ MISSING: flow="SOURCE, l:-3 -> l[0]"
+
+def test_iter_dict():
+    d = {SOURCE: "val"}
+    i = iter(d)
+    l = list(i)
+    SINK(l[0]) #$ MISSING: flow="SOURCE, l:-3 -> l[0]"
+
+def test_iter_iter():
+    # applying iter() to the result of iter() is basically a no-op
+    l0 = [SOURCE]
+    i = iter(iter(l0))
+    l = list(i)
+    SINK(l[0]) #$ MISSING: flow="SOURCE, l:-3 -> l[0]"
+
+### next
+
+def test_next_list():
+    l = [SOURCE]
+    i = iter(l)
+    n = next(i)
+    SINK(n) #$ MISSING: flow="SOURCE, l:-3 -> n"
+
+def test_next_tuple():
+    t = (SOURCE,)
+    i = iter(t)
+    n = next(i)
+    SINK(n) #$ MISSING: flow="SOURCE, l:-3 -> n"
+
+def test_next_set():
+    s = {SOURCE}
+    i = iter(s)
+    n = next(i)
+    SINK(n) #$ MISSING: flow="SOURCE, l:-3 -> n"
+
+def test_next_dict():
+    d = {SOURCE: "val"}
+    i = iter(d)
+    n = next(i)
+    SINK(n) #$ MISSING: flow="SOURCE, l:-3 -> n"

python/ql/test/experimental/dataflow/exceptions/dataflow-consistency.expected

@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep

python/ql/test/experimental/dataflow/fieldflow/dataflow-consistency.expected

@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep

python/ql/test/experimental/dataflow/global-flow/dataflow-consistency.expected

@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep

python/ql/test/experimental/dataflow/match/dataflow-consistency.expected

@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep

python/ql/test/experimental/dataflow/module-initialization/multiphase.py

@@ -14,21 +14,21 @@ def is_source(x):  #$ importTimeFlow="FunctionExpr -> GSSA Variable is_source"
 
 
 def SINK(x):  #$ importTimeFlow="FunctionExpr -> GSSA Variable SINK"
-    if is_source(x):  #$ runtimeFlow="ModuleVariableNode for multiphase.is_source, l:-17 -> is_source"
-        print("OK")  #$ runtimeFlow="ModuleVariableNode for multiphase.print, l:-18 -> print"
+    if is_source(x):  #$ runtimeFlow="ModuleVariableNode in Module multiphase for is_source, l:-17 -> is_source"
+        print("OK")  #$ runtimeFlow="ModuleVariableNode in Module multiphase for print, l:-18 -> print"
     else:
-        print("Unexpected flow", x)  #$ runtimeFlow="ModuleVariableNode for multiphase.print, l:-20 -> print"
+        print("Unexpected flow", x)  #$ runtimeFlow="ModuleVariableNode in Module multiphase for print, l:-20 -> print"
 
 
 def SINK_F(x):  #$ importTimeFlow="FunctionExpr -> GSSA Variable SINK_F"
-    if is_source(x):  #$ runtimeFlow="ModuleVariableNode for multiphase.is_source, l:-24 -> is_source"
-        print("Unexpected flow", x)  #$ runtimeFlow="ModuleVariableNode for multiphase.print, l:-25 -> print"
+    if is_source(x):  #$ runtimeFlow="ModuleVariableNode in Module multiphase for is_source, l:-24 -> is_source"
+        print("Unexpected flow", x)  #$ runtimeFlow="ModuleVariableNode in Module multiphase for print, l:-25 -> print"
     else:
-        print("OK")  #$ runtimeFlow="ModuleVariableNode for multiphase.print, l:-27 -> print"
+        print("OK")  #$ runtimeFlow="ModuleVariableNode in Module multiphase for print, l:-27 -> print"
 
 def set_foo():  #$ importTimeFlow="FunctionExpr -> GSSA Variable set_foo"
     global foo
-    foo = SOURCE  #$ runtimeFlow="ModuleVariableNode for multiphase.SOURCE, l:-31 -> SOURCE" # missing final definition of foo
+    foo = SOURCE  #$ runtimeFlow="ModuleVariableNode in Module multiphase for SOURCE, l:-31 -> SOURCE" # missing final definition of foo
 
 foo = NONSOURCE  #$ importTimeFlow="NONSOURCE -> GSSA Variable foo"
 set_foo()
@@ -36,7 +36,7 @@ set_foo()
 @expects(2)
 def test_phases():  #$ importTimeFlow="expects(..)(..), l:-1 -> GSSA Variable test_phases"
     global foo
-    SINK(foo)  #$ runtimeFlow="ModuleVariableNode for multiphase.SINK, l:-39 -> SINK" runtimeFlow="ModuleVariableNode for multiphase.foo, l:-39 -> foo"
-    foo = NONSOURCE  #$ runtimeFlow="ModuleVariableNode for multiphase.NONSOURCE, l:-40 -> NONSOURCE"
-    set_foo()  #$ runtimeFlow="ModuleVariableNode for multiphase.set_foo, l:-41 -> set_foo"
-    SINK(foo)  #$ runtimeFlow="ModuleVariableNode for multiphase.SINK, l:-42 -> SINK" runtimeFlow="ModuleVariableNode for multiphase.foo, l:-42 -> foo"
+    SINK(foo)  #$ runtimeFlow="ModuleVariableNode in Module multiphase for SINK, l:-39 -> SINK" runtimeFlow="ModuleVariableNode in Module multiphase for foo, l:-39 -> foo"
+    foo = NONSOURCE  #$ runtimeFlow="ModuleVariableNode in Module multiphase for NONSOURCE, l:-40 -> NONSOURCE"
+    set_foo()  #$ runtimeFlow="ModuleVariableNode in Module multiphase for set_foo, l:-41 -> set_foo"
+    SINK(foo)  #$ runtimeFlow="ModuleVariableNode in Module multiphase for SINK, l:-42 -> SINK" runtimeFlow="ModuleVariableNode in Module multiphase for foo, l:-42 -> foo"

python/ql/test/experimental/dataflow/pep_328/dataflow-consistency.expected

@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep

python/ql/test/experimental/dataflow/regression/dataflow-consistency.expected

@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep

python/ql/test/experimental/dataflow/strange-essaflow/dataflow-consistency.expected

@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep

python/ql/test/experimental/dataflow/strange-essaflow/testFlow.expected

@@ -2,5 +2,5 @@ os_import
 | test.py:2:8:2:9 | GSSA Variable os |
 flowstep
 jumpStep
-| test.py:2:8:2:9 | GSSA Variable os | test.py:0:0:0:0 | ModuleVariableNode for test.os |
+| test.py:2:8:2:9 | GSSA Variable os | test.py:0:0:0:0 | ModuleVariableNode in Module test for os |
 essaFlowStep

python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.expected

@@ -1,5 +1,3 @@
-| file://:0:0:0:0 | [summary] read: argument position 0.List element in builtins.reversed | file://:0:0:0:0 | [summary] to write: return (return).List element in builtins.reversed |
-| file://:0:0:0:0 | parameter position 1 of dict.setdefault | file://:0:0:0:0 | [summary] to write: return (return) in dict.setdefault |
 | test.py:3:1:3:7 | GSSA Variable tainted | test.py:4:6:4:12 | ControlFlowNode for tainted |
 | test.py:3:11:3:16 | ControlFlowNode for SOURCE | test.py:3:1:3:7 | GSSA Variable tainted |
 | test.py:6:1:6:11 | ControlFlowNode for FunctionExpr | test.py:6:5:6:8 | GSSA Variable func |

python/ql/test/experimental/dataflow/tainttracking/basic/LocalTaintStep.ql

@@ -3,5 +3,8 @@ import semmle.python.dataflow.new.TaintTracking
 import semmle.python.dataflow.new.DataFlow
 
 from DataFlow::Node nodeFrom, DataFlow::Node nodeTo
-where TaintTracking::localTaintStep(nodeFrom, nodeTo)
+where
+  TaintTracking::localTaintStep(nodeFrom, nodeTo) and
+  exists(nodeFrom.getLocation().getFile().getRelativePath()) and
+  exists(nodeTo.getLocation().getFile().getRelativePath())
 select nodeFrom, nodeTo

python/ql/test/experimental/dataflow/tainttracking/basic/dataflow-consistency.expected

@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep

python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/dataflow-consistency.expected

@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep

python/ql/test/experimental/dataflow/tainttracking/customSanitizer/dataflow-consistency.expected

@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep

python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/dataflow-consistency.expected

@@ -23,3 +23,6 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
+| test_collections.py:20:9:20:22 | ControlFlowNode for ensure_tainted | Node steps to itself |
+| test_unpacking.py:31:9:31:22 | ControlFlowNode for ensure_tainted | Node steps to itself |

python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/dataflow-consistency.expected

@@ -23,3 +23,19 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
+| test_async.py:48:9:48:22 | ControlFlowNode for ensure_tainted | Node steps to itself |
+| test_collections.py:64:10:64:21 | ControlFlowNode for tainted_list | Node steps to itself |
+| test_collections.py:71:9:71:22 | ControlFlowNode for ensure_tainted | Node steps to itself |
+| test_collections.py:73:9:73:22 | ControlFlowNode for ensure_tainted | Node steps to itself |
+| test_collections.py:88:10:88:21 | ControlFlowNode for tainted_list | Node steps to itself |
+| test_collections.py:89:10:89:23 | ControlFlowNode for TAINTED_STRING | Node steps to itself |
+| test_collections.py:97:9:97:22 | ControlFlowNode for ensure_tainted | Node steps to itself |
+| test_collections.py:99:9:99:22 | ControlFlowNode for ensure_tainted | Node steps to itself |
+| test_collections.py:112:9:112:22 | ControlFlowNode for ensure_tainted | Node steps to itself |
+| test_collections.py:114:9:114:22 | ControlFlowNode for ensure_tainted | Node steps to itself |
+| test_collections.py:147:9:147:22 | ControlFlowNode for ensure_tainted | Node steps to itself |
+| test_collections.py:149:9:149:22 | ControlFlowNode for ensure_tainted | Node steps to itself |
+| test_collections.py:246:9:246:15 | ControlFlowNode for my_dict | Node steps to itself |
+| test_collections.py:246:22:246:33 | ControlFlowNode for tainted_dict | Node steps to itself |
+| test_for.py:24:9:24:22 | ControlFlowNode for ensure_tainted | Node steps to itself |

python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/test_collections.py

@@ -37,6 +37,14 @@ def test_construction():
         tuple(tainted_list), # $ tainted
         set(tainted_list), # $ tainted
         frozenset(tainted_list), # $ tainted
+        dict(tainted_dict), # $ tainted
+        dict(k = tainted_string)["k"], # $ tainted
+        dict(dict(k = tainted_string))["k"], # $ tainted
+        dict(["k", tainted_string]), # $ tainted
+    )
+
+    ensure_not_tainted(
+        dict(k = tainted_string)["k1"]
     )
 
 
@@ -64,6 +72,31 @@ def test_access(x, y, z):
     for i in reversed(tainted_list):
         ensure_tainted(i) # $ tainted
 
+def test_access_explicit(x, y, z):
+    tainted_list = [TAINTED_STRING]
+
+    ensure_tainted(
+        tainted_list[0], # $ tainted
+        tainted_list[x], # $ tainted
+        tainted_list[y:z], # $ tainted
+
+        sorted(tainted_list)[0], # $ tainted
+        reversed(tainted_list)[0], # $ tainted
+        iter(tainted_list), # $ tainted
+        next(iter(tainted_list)), # $ tainted
+        [i for i in tainted_list], # $ tainted
+        [tainted_list for i in [1,2,3]], # $ MISSING: tainted
+        [TAINTED_STRING for i in [1,2,3]], # $ tainted
+        [tainted_list], # $ tainted
+    )
+
+    a, b, c = tainted_list[0:3]
+    ensure_tainted(a, b, c) # $ tainted
+
+    for h in tainted_list:
+        ensure_tainted(h) # $ tainted
+    for i in reversed(tainted_list):
+        ensure_tainted(i) # $ tainted
 
 def test_dict_access(x):
     tainted_dict = TAINTED_DICT

python/ql/test/experimental/dataflow/tainttracking/generator-flow/dataflow-consistency.expected

@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep

python/ql/test/experimental/dataflow/tainttracking/unwanted-global-flow/dataflow-consistency.expected

@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep

python/ql/test/experimental/dataflow/testConfig.qll

@@ -46,6 +46,4 @@ class TestConfiguration extends DataFlow::Configuration {
   }
 
   override predicate isBarrierIn(DataFlow::Node node) { this.isSource(node) }
-
-  override int explorationLimit() { result = 5 }
 }

python/ql/test/experimental/dataflow/testTaintConfig.qll

@@ -46,6 +46,4 @@ class TestConfiguration extends TaintTracking::Configuration {
   }
 
   override predicate isSanitizerIn(DataFlow::Node node) { this.isSource(node) }
-
-  override int explorationLimit() { result = 5 }
 }

python/ql/test/experimental/dataflow/typetracking/dataflow-consistency.expected

@@ -23,3 +23,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep

python/ql/test/experimental/dataflow/typetracking/moduleattr.expected

@@ -1,10 +1,11 @@
 module_tracker
 | import_as_attr.py:1:6:1:11 | ControlFlowNode for ImportExpr |
 module_attr_tracker
-| import_as_attr.py:0:0:0:0 | ModuleVariableNode for import_as_attr.attr_ref |
+| import_as_attr.py:0:0:0:0 | ModuleVariableNode in Module import_as_attr for attr_ref |
 | import_as_attr.py:1:20:1:35 | ControlFlowNode for ImportMember |
 | import_as_attr.py:1:28:1:35 | GSSA Variable attr_ref |
 | import_as_attr.py:3:1:3:1 | GSSA Variable x |
 | import_as_attr.py:3:5:3:12 | ControlFlowNode for attr_ref |
+| import_as_attr.py:5:1:5:10 | GSSA Variable attr_ref |
 | import_as_attr.py:6:5:6:5 | SSA variable y |
 | import_as_attr.py:6:9:6:16 | ControlFlowNode for attr_ref |

python/ql/test/experimental/dataflow/typetracking/test.py

@@ -60,10 +60,10 @@ def test_import():
 def to_inner_scope():
     x = tracked # $tracked
     def foo():
-        y = x # $ MISSING: tracked
-        return y # $ MISSING: tracked
-    also_x = foo() # $ MISSING: tracked
-    print(also_x) # $ MISSING: tracked
+        y = x # $ tracked
+        return y # $ tracked
+    also_x = foo() # $ tracked
+    print(also_x) # $ tracked
 
 # ------------------------------------------------------------------------------
 # Function decorator

python/ql/test/experimental/dataflow/typetracking/tracked.ql

@@ -24,6 +24,11 @@ class TrackedTest extends InlineExpectationsTest {
       tracked(t).flowsTo(e) and
       // Module variables have no sensible location, and hence can't be annotated.
       not e instanceof DataFlow::ModuleVariableNode and
+      // Global variables on line 0 also cannot be annotated
+      not e.getLocation().getStartLine() = 0 and
+      // We do not wish to annotate scope entry definitions,
+      // as they do not appear in the source code.
+      not e.asVar() instanceof ScopeEntryDefinition and
       tag = "tracked" and
       location = e.getLocation() and
       value = t.getAttr() and

python/ql/test/experimental/dataflow/validTest.py

@@ -64,12 +64,15 @@ if __name__ == "__main__":
     check_tests_valid("coverage.test")
     check_tests_valid("coverage.argumentPassing")
     check_tests_valid("coverage.datamodel")
+    check_tests_valid("coverage.test_builtins")
     check_tests_valid("coverage-py2.classes")
     check_tests_valid("coverage-py3.classes")
     check_tests_valid("variable-capture.in")
     check_tests_valid("variable-capture.nonlocal")
+    check_tests_valid("variable-capture.global")
     check_tests_valid("variable-capture.dict")
-    check_tests_valid("variable-capture.collections")
+    check_tests_valid("variable-capture.test_collections")
+    check_tests_valid("variable-capture.by_value")
     check_tests_valid("module-initialization.multiphase")
     check_tests_valid("fieldflow.test")
     check_tests_valid("fieldflow.test_dict")

python/ql/test/experimental/dataflow/variable-capture/by_value.py

@@ -0,0 +1,52 @@
+# Here we test capturing the _value_ of a variable (by using it as the default value for a parameter)
+# All functions starting with "test_" should run and execute `print("OK")` exactly once.
+# This can be checked by running validTest.py.
+
+import sys
+import os
+
+sys.path.append(os.path.dirname(os.path.dirname((__file__))))
+from testlib import expects
+
+# These are defined so that we can evaluate the test code.
+NONSOURCE = "not a source"
+SOURCE = "source"
+
+def is_source(x):
+    return x == "source" or x == b"source" or x == 42 or x == 42.0 or x == 42j
+
+
+def SINK(x):
+    if is_source(x):
+        print("OK")
+    else:
+        print("Unexpected flow", x)
+
+
+def SINK_F(x):
+    if is_source(x):
+        print("Unexpected flow", x)
+    else:
+        print("OK")
+
+
+def by_value1():
+    a = SOURCE
+    def inner(a_val=a):
+        SINK(a_val) #$ captured
+        SINK_F(a)
+    a = NONSOURCE
+    inner()
+
+def by_value2():
+    a = NONSOURCE
+    def inner(a_val=a):
+        SINK(a) #$ MISSING:captured
+        SINK_F(a_val)
+    a = SOURCE
+    inner()
+
+@expects(4)
+def test_by_value():
+    by_value1()
+    by_value2()

python/ql/test/experimental/dataflow/variable-capture/dataflow-consistency.expected

@@ -1,10 +1,11 @@
 uniqueEnclosingCallable
 uniqueCallEnclosingCallable
-| collections.py:39:17:39:38 | Lambda() | Call should have one enclosing callable but has 0. |
-| collections.py:39:17:39:38 | Lambda() | Call should have one enclosing callable but has 0. |
-| collections.py:45:19:45:24 | mod() | Call should have one enclosing callable but has 0. |
-| collections.py:45:19:45:24 | mod() | Call should have one enclosing callable but has 0. |
-| collections.py:52:13:52:24 | mod_local() | Call should have one enclosing callable but has 0. |
+| test_collections.py:39:17:39:38 | Lambda() | Call should have one enclosing callable but has 0. |
+| test_collections.py:39:17:39:38 | Lambda() | Call should have one enclosing callable but has 0. |
+| test_collections.py:45:19:45:24 | mod() | Call should have one enclosing callable but has 0. |
+| test_collections.py:45:19:45:24 | mod() | Call should have one enclosing callable but has 0. |
+| test_collections.py:52:13:52:24 | mod_local() | Call should have one enclosing callable but has 0. |
+| test_collections.py:52:13:52:24 | mod_local() | Call should have one enclosing callable but has 0. |
 uniqueType
 uniqueNodeLocation
 missingLocation
@@ -28,3 +29,7 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
+| test_collections.py:36:10:36:15 | ControlFlowNode for SOURCE | Node steps to itself |
+| test_collections.py:45:19:45:21 | ControlFlowNode for mod | Node steps to itself |
+| test_collections.py:52:13:52:21 | ControlFlowNode for mod_local | Node steps to itself |

python/ql/test/experimental/dataflow/variable-capture/dict.py

@@ -77,16 +77,18 @@ def through(tainted):
     captureOut2()
     SINK(sinkO2["x"]) #$ MISSING:captured
 
-    nonSink0 = { "x": "" }
+    nonSink1 = { "x": "" }
     def captureOut1NotCalled():
-        nonSink0["x"] = tainted
-    SINK_F(nonSink0["x"])
+        nonSink1["x"] = tainted
+    SINK_F(nonSink1["x"])
 
+    nonSink2 = { "x": "" }
     def captureOut2NotCalled():
+        # notice that `m` is not called
         def m():
-            nonSink0["x"] = tainted
+            nonSink2["x"] = tainted
     captureOut2NotCalled()
-    SINK_F(nonSink0["x"])
+    SINK_F(nonSink2["x"])
 
 @expects(4)
 def test_through():

python/ql/test/experimental/dataflow/variable-capture/global.py

@@ -0,0 +1,106 @@
+# Here we test writing to a captured global variable via the `global` keyword (see `out`).
+# We also test reading one captured variable and writing the value to another (see `through`).
+
+# All functions starting with "test_" should run and execute `print("OK")` exactly once.
+# This can be checked by running validTest.py.
+
+import sys
+import os
+
+sys.path.append(os.path.dirname(os.path.dirname((__file__))))
+from testlib import expects
+
+# These are defined so that we can evaluate the test code.
+NONSOURCE = "not a source"
+SOURCE = "source"
+
+def is_source(x):
+    return x == "source" or x == b"source" or x == 42 or x == 42.0 or x == 42j
+
+
+def SINK(x):
+    if is_source(x):
+        print("OK")
+    else:
+        print("Unexpected flow", x)
+
+
+def SINK_F(x):
+    if is_source(x):
+        print("Unexpected flow", x)
+    else:
+        print("OK")
+
+
+sinkO1 = ""
+sinkO2 = ""
+nonSink1 = ""
+nonSink2 = ""
+
+def out():
+    def captureOut1():
+        global sinkO1
+        sinkO1 = SOURCE
+    captureOut1()
+    SINK(sinkO1) #$ captured
+
+    def captureOut2():
+        def m():
+            global sinkO2
+            sinkO2 = SOURCE
+        m()
+    captureOut2()
+    SINK(sinkO2) #$ captured
+
+    def captureOut1NotCalled():
+        global nonSink1
+        nonSink1 = SOURCE
+    SINK_F(nonSink1) #$ SPURIOUS: captured
+
+    def captureOut2NotCalled():
+        # notice that `m` is not called
+        def m():
+            global nonSink2
+            nonSink2 = SOURCE
+    captureOut2NotCalled()
+    SINK_F(nonSink2) #$ SPURIOUS: captured
+
+@expects(4)
+def test_out():
+    out()
+
+sinkT1 = ""
+sinkT2 = ""
+nonSinkT1 = ""
+nonSinkT2 = ""
+def through(tainted):
+    def captureOut1():
+        global sinkT1
+        sinkT1 = tainted
+    captureOut1()
+    SINK(sinkT1) #$ MISSING:captured
+
+    def captureOut2():
+        def m():
+            global sinkT2
+            sinkT2 = tainted
+        m()
+    captureOut2()
+    SINK(sinkT2) #$ MISSING:captured
+
+    def captureOut1NotCalled():
+        global nonSinkT1
+        nonSinkT1 = tainted
+    SINK_F(nonSinkT1)
+
+    def captureOut2NotCalled():
+        # notice that `m` is not called
+        def m():
+            global nonSinkT2
+            nonSinkT2 = tainted
+    captureOut2NotCalled()
+    SINK_F(nonSinkT2)
+
+@expects(4)
+def test_through():
+    through(SOURCE)

python/ql/test/experimental/dataflow/variable-capture/in.py

@@ -48,13 +48,14 @@ def inParam(tainted):
     captureIn3("")
 
     def captureIn1NotCalled():
-        nonSink0 = tainted
-        SINK_F(nonSink0)
+        nonSink1 = tainted
+        SINK_F(nonSink1)
 
     def captureIn2NotCalled():
+        # notice that `m` is not called
         def m():
-            nonSink0 = tainted
-            SINK_F(nonSink0)
+            nonSink1 = tainted
+            SINK_F(nonSink1)
     captureIn2NotCalled()
 
 @expects(3)
@@ -81,13 +82,14 @@ def inLocal():
     captureIn3("")
 
     def captureIn1NotCalled():
-        nonSink0 = tainted
-        SINK_F(nonSink0)
+        nonSink1 = tainted
+        SINK_F(nonSink1)
 
     def captureIn2NotCalled():
+        # notice that `m` is not called
         def m():
-            nonSink0 = tainted
-            SINK_F(nonSink0)
+            nonSink2 = tainted
+            SINK_F(nonSink2)
     captureIn2NotCalled()
 
 @expects(3)

python/ql/test/experimental/dataflow/variable-capture/nonlocal.py

@@ -49,18 +49,20 @@ def out():
     captureOut2()
     SINK(sinkO2) #$ MISSING:captured
 
-    nonSink0 = ""
+    nonSink1 = ""
     def captureOut1NotCalled():
-        nonlocal nonSink0
-        nonSink0 = SOURCE
-    SINK_F(nonSink0)
+        nonlocal nonSink1
+        nonSink1 = SOURCE
+    SINK_F(nonSink1)
 
+    nonSink2 = ""
     def captureOut2NotCalled():
+        # notice that `m` is not called
         def m():
-            nonlocal nonSink0
-            nonSink0 = SOURCE
+            nonlocal nonSink2
+            nonSink2 = SOURCE
     captureOut2NotCalled()
-    SINK_F(nonSink0)
+    SINK_F(nonSink2)
 
 @expects(4)
 def test_out():
@@ -83,18 +85,20 @@ def through(tainted):
     captureOut2()
     SINK(sinkO2) #$ MISSING:captured
 
-    nonSink0 = ""
+    nonSink1 = ""
     def captureOut1NotCalled():
-        nonlocal nonSink0
-        nonSink0 = tainted
-    SINK_F(nonSink0)
+        nonlocal nonSink1
+        nonSink1 = tainted
+    SINK_F(nonSink1)
 
+    nonSink2 = ""
     def captureOut2NotCalled():
+        # notice that `m` is not called
         def m():
-            nonlocal nonSink0
-            nonSink0 = tainted
+            nonlocal nonSink2
+            nonSink2 = tainted
     captureOut2NotCalled()
-    SINK_F(nonSink0)
+    SINK_F(nonSink2)
 
 @expects(4)
 def test_through():

python/ql/test/experimental/dataflow/variable-capture/test_collections.py

@@ -52,7 +52,7 @@ def mod_list(l):
     return [mod_local(x) for x in l]
 
 l_modded = mod_list(l)
-SINK(l_modded[0]) #$ MISSING: captured
+SINK(l_modded[0]) #$ captured
 
 def mod_list_first(l):
     def mod_local(x):

python/ql/test/experimental/library-tests/CallGraph/dataflow-consistency.expected

@@ -54,3 +54,4 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep

python/ql/test/experimental/meta/ConceptsTest.qll

@@ -297,7 +297,7 @@ class HttpServerHttpResponseTest extends InlineExpectationsTest {
     location.getFile() = file and
     exists(file.getRelativePath()) and
     // we need to do this step since we expect subclasses could override getARelevantTag
-    tag = getARelevantTag() and
+    tag = this.getARelevantTag() and
     (
       exists(Http::Server::HttpResponse response |
         location = response.getLocation() and

python/ql/test/experimental/meta/debug/InlineTaintTestPaths.ql

@@ -9,17 +9,27 @@
 // 3. if necessary, look at partial paths by (un)commenting appropriate lines
 import python
 import semmle.python.dataflow.new.DataFlow
+import semmle.python.dataflow.new.TaintTracking
 import experimental.meta.InlineTaintTest::Conf
-// import DataFlow::PartialPathGraph
-import DataFlow::PathGraph
 
-class Conf extends TestTaintTrackingConfiguration {
-  // override int explorationLimit() { result = 5 }
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) {
+    any(TestTaintTrackingConfiguration c).isSource(source)
+  }
+
+  predicate isSink(DataFlow::Node source) { any(TestTaintTrackingConfiguration c).isSink(source) }
 }
 
-// from Conf config, DataFlow::PartialPathNode source, DataFlow::PartialPathNode sink
-// where config.hasPartialFlow(source, sink, _)
-from Conf config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
+module Flows = TaintTracking::Global<Config>;
+
+import Flows::PathGraph
+
+// int explorationLimit() { result = 5 }
+// module FlowsPartial = Flows::FlowExploration<explorationLimit/0>;
+// import FlowsPartial::PartialPathGraph
+from Flows::PathNode source, Flows::PathNode sink
+where Flows::flowPath(source, sink)
+// from FlowsPartial::PartialPathNode source, FlowsPartial::PartialPathNode sink
+// where FlowsPartial::partialFlow(source, sink, _)
 select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(),
   "this source"

python/ql/test/experimental/meta/debug/dataflowTestPaths.ql

@@ -10,16 +10,23 @@
 import python
 import semmle.python.dataflow.new.DataFlow
 import experimental.dataflow.testConfig
-// import DataFlow::PartialPathGraph
-import DataFlow::PathGraph
 
-class Conf extends TestConfiguration {
-  override int explorationLimit() { result = 5 }
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { any(TestConfiguration c).isSource(source) }
+
+  predicate isSink(DataFlow::Node source) { any(TestConfiguration c).isSink(source) }
 }
 
-// from Conf config, DataFlow::PartialPathNode source, DataFlow::PartialPathNode sink
-// where config.hasPartialFlow(source, sink, _)
-from Conf config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "This node receives taint from $@.", source.getNode(),
+module Flows = DataFlow::Global<Config>;
+
+import Flows::PathGraph
+
+// int explorationLimit() { result = 5 }
+// module FlowsPartial = Flows::FlowExploration<explorationLimit/0>;
+// import FlowsPartial::PartialPathGraph
+from Flows::PathNode source, Flows::PathNode sink
+where Flows::flowPath(source, sink)
+// from FlowsPartial::PartialPathNode source, FlowsPartial::PartialPathNode sink
+// where FlowsPartial::partialFlow(source, sink, _)
+select sink.getNode(), source, sink, "This node receives flow from $@.", source.getNode(),
   "this source"

python/ql/test/experimental/query-tests/Security/CWE-022-UnsafeUnpacking/UnsafeUnpack.expected

@@ -1,7 +1,6 @@
 edges
-| UnsafeUnpack.py:0:0:0:0 | ModuleVariableNode for UnsafeUnpack.request | UnsafeUnpack.py:11:18:11:24 | ControlFlowNode for request |
 | UnsafeUnpack.py:5:26:5:32 | ControlFlowNode for ImportMember | UnsafeUnpack.py:5:26:5:32 | GSSA Variable request |
-| UnsafeUnpack.py:5:26:5:32 | GSSA Variable request | UnsafeUnpack.py:0:0:0:0 | ModuleVariableNode for UnsafeUnpack.request |
+| UnsafeUnpack.py:5:26:5:32 | GSSA Variable request | UnsafeUnpack.py:11:18:11:24 | ControlFlowNode for request |
 | UnsafeUnpack.py:11:18:11:24 | ControlFlowNode for request | UnsafeUnpack.py:11:18:11:29 | ControlFlowNode for Attribute |
 | UnsafeUnpack.py:11:18:11:29 | ControlFlowNode for Attribute | UnsafeUnpack.py:11:18:11:49 | ControlFlowNode for Attribute() |
 | UnsafeUnpack.py:11:18:11:49 | ControlFlowNode for Attribute() | UnsafeUnpack.py:17:27:17:38 | ControlFlowNode for Attribute |
@@ -28,7 +27,6 @@ edges
 | UnsafeUnpack.py:174:15:174:26 | ControlFlowNode for Attribute | UnsafeUnpack.py:176:1:176:34 | ControlFlowNode for Attribute() |
 | UnsafeUnpack.py:194:53:194:55 | ControlFlowNode for tmp | UnsafeUnpack.py:201:29:201:36 | ControlFlowNode for Attribute |
 nodes
-| UnsafeUnpack.py:0:0:0:0 | ModuleVariableNode for UnsafeUnpack.request | semmle.label | ModuleVariableNode for UnsafeUnpack.request |
 | UnsafeUnpack.py:5:26:5:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | UnsafeUnpack.py:5:26:5:32 | GSSA Variable request | semmle.label | GSSA Variable request |
 | UnsafeUnpack.py:11:18:11:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |

python/ql/test/experimental/query-tests/Security/CWE-079/ReflectedXSS.expected

@@ -1,9 +1,8 @@
 edges
-| flask_mail.py:0:0:0:0 | ModuleVariableNode for flask_mail.request | flask_mail.py:13:22:13:28 | ControlFlowNode for request |
-| flask_mail.py:0:0:0:0 | ModuleVariableNode for flask_mail.request | flask_mail.py:18:14:18:20 | ControlFlowNode for request |
-| flask_mail.py:0:0:0:0 | ModuleVariableNode for flask_mail.request | flask_mail.py:31:24:31:30 | ControlFlowNode for request |
 | flask_mail.py:1:19:1:25 | ControlFlowNode for ImportMember | flask_mail.py:1:19:1:25 | GSSA Variable request |
-| flask_mail.py:1:19:1:25 | GSSA Variable request | flask_mail.py:0:0:0:0 | ModuleVariableNode for flask_mail.request |
+| flask_mail.py:1:19:1:25 | GSSA Variable request | flask_mail.py:13:22:13:28 | ControlFlowNode for request |
+| flask_mail.py:1:19:1:25 | GSSA Variable request | flask_mail.py:18:14:18:20 | ControlFlowNode for request |
+| flask_mail.py:1:19:1:25 | GSSA Variable request | flask_mail.py:31:24:31:30 | ControlFlowNode for request |
 | flask_mail.py:13:22:13:28 | ControlFlowNode for request | flask_mail.py:13:22:13:33 | ControlFlowNode for Attribute |
 | flask_mail.py:13:22:13:28 | ControlFlowNode for request | flask_mail.py:18:14:18:25 | ControlFlowNode for Attribute |
 | flask_mail.py:13:22:13:33 | ControlFlowNode for Attribute | flask_mail.py:13:22:13:41 | ControlFlowNode for Subscript |
@@ -11,11 +10,10 @@ edges
 | flask_mail.py:18:14:18:25 | ControlFlowNode for Attribute | flask_mail.py:18:14:18:33 | ControlFlowNode for Subscript |
 | flask_mail.py:31:24:31:30 | ControlFlowNode for request | flask_mail.py:31:24:31:35 | ControlFlowNode for Attribute |
 | flask_mail.py:31:24:31:35 | ControlFlowNode for Attribute | flask_mail.py:31:24:31:43 | ControlFlowNode for Subscript |
-| sendgrid_mail.py:0:0:0:0 | ModuleVariableNode for sendgrid_mail.request | sendgrid_mail.py:14:22:14:28 | ControlFlowNode for request |
-| sendgrid_mail.py:0:0:0:0 | ModuleVariableNode for sendgrid_mail.request | sendgrid_mail.py:26:34:26:40 | ControlFlowNode for request |
-| sendgrid_mail.py:0:0:0:0 | ModuleVariableNode for sendgrid_mail.request | sendgrid_mail.py:37:41:37:47 | ControlFlowNode for request |
 | sendgrid_mail.py:1:19:1:25 | ControlFlowNode for ImportMember | sendgrid_mail.py:1:19:1:25 | GSSA Variable request |
-| sendgrid_mail.py:1:19:1:25 | GSSA Variable request | sendgrid_mail.py:0:0:0:0 | ModuleVariableNode for sendgrid_mail.request |
+| sendgrid_mail.py:1:19:1:25 | GSSA Variable request | sendgrid_mail.py:14:22:14:28 | ControlFlowNode for request |
+| sendgrid_mail.py:1:19:1:25 | GSSA Variable request | sendgrid_mail.py:26:34:26:40 | ControlFlowNode for request |
+| sendgrid_mail.py:1:19:1:25 | GSSA Variable request | sendgrid_mail.py:37:41:37:47 | ControlFlowNode for request |
 | sendgrid_mail.py:14:22:14:28 | ControlFlowNode for request | sendgrid_mail.py:14:22:14:33 | ControlFlowNode for Attribute |
 | sendgrid_mail.py:14:22:14:33 | ControlFlowNode for Attribute | sendgrid_mail.py:14:22:14:49 | ControlFlowNode for Subscript |
 | sendgrid_mail.py:26:34:26:40 | ControlFlowNode for request | sendgrid_mail.py:26:34:26:45 | ControlFlowNode for Attribute |
@@ -23,11 +21,10 @@ edges
 | sendgrid_mail.py:26:34:26:61 | ControlFlowNode for Subscript | sendgrid_mail.py:26:22:26:62 | ControlFlowNode for HtmlContent() |
 | sendgrid_mail.py:37:41:37:47 | ControlFlowNode for request | sendgrid_mail.py:37:41:37:52 | ControlFlowNode for Attribute |
 | sendgrid_mail.py:37:41:37:52 | ControlFlowNode for Attribute | sendgrid_mail.py:37:41:37:68 | ControlFlowNode for Subscript |
-| sendgrid_via_mail_send_post_request_body_bad.py:0:0:0:0 | ModuleVariableNode for sendgrid_via_mail_send_post_request_body_bad.request | sendgrid_via_mail_send_post_request_body_bad.py:16:51:16:57 | ControlFlowNode for request |
-| sendgrid_via_mail_send_post_request_body_bad.py:0:0:0:0 | ModuleVariableNode for sendgrid_via_mail_send_post_request_body_bad.request | sendgrid_via_mail_send_post_request_body_bad.py:27:50:27:56 | ControlFlowNode for request |
-| sendgrid_via_mail_send_post_request_body_bad.py:0:0:0:0 | ModuleVariableNode for sendgrid_via_mail_send_post_request_body_bad.request | sendgrid_via_mail_send_post_request_body_bad.py:41:50:41:56 | ControlFlowNode for request |
 | sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | ControlFlowNode for ImportMember | sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | GSSA Variable request |
-| sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | GSSA Variable request | sendgrid_via_mail_send_post_request_body_bad.py:0:0:0:0 | ModuleVariableNode for sendgrid_via_mail_send_post_request_body_bad.request |
+| sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | GSSA Variable request | sendgrid_via_mail_send_post_request_body_bad.py:16:51:16:57 | ControlFlowNode for request |
+| sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | GSSA Variable request | sendgrid_via_mail_send_post_request_body_bad.py:27:50:27:56 | ControlFlowNode for request |
+| sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | GSSA Variable request | sendgrid_via_mail_send_post_request_body_bad.py:41:50:41:56 | ControlFlowNode for request |
 | sendgrid_via_mail_send_post_request_body_bad.py:16:51:16:57 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:16:51:16:62 | ControlFlowNode for Attribute |
 | sendgrid_via_mail_send_post_request_body_bad.py:16:51:16:57 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:27:50:27:61 | ControlFlowNode for Attribute |
 | sendgrid_via_mail_send_post_request_body_bad.py:16:51:16:57 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:41:50:41:61 | ControlFlowNode for Attribute |
@@ -40,15 +37,13 @@ edges
 | sendgrid_via_mail_send_post_request_body_bad.py:41:50:41:56 | ControlFlowNode for request | sendgrid_via_mail_send_post_request_body_bad.py:41:50:41:61 | ControlFlowNode for Attribute |
 | sendgrid_via_mail_send_post_request_body_bad.py:41:50:41:61 | ControlFlowNode for Attribute | sendgrid_via_mail_send_post_request_body_bad.py:41:50:41:78 | ControlFlowNode for Subscript |
 | sendgrid_via_mail_send_post_request_body_bad.py:41:50:41:78 | ControlFlowNode for Subscript | sendgrid_via_mail_send_post_request_body_bad.py:41:25:41:79 | ControlFlowNode for Attribute() |
-| smtplib_bad_subparts.py:0:0:0:0 | ModuleVariableNode for smtplib_bad_subparts.request | smtplib_bad_subparts.py:17:12:17:18 | ControlFlowNode for request |
 | smtplib_bad_subparts.py:2:26:2:32 | ControlFlowNode for ImportMember | smtplib_bad_subparts.py:2:26:2:32 | GSSA Variable request |
-| smtplib_bad_subparts.py:2:26:2:32 | GSSA Variable request | smtplib_bad_subparts.py:0:0:0:0 | ModuleVariableNode for smtplib_bad_subparts.request |
+| smtplib_bad_subparts.py:2:26:2:32 | GSSA Variable request | smtplib_bad_subparts.py:17:12:17:18 | ControlFlowNode for request |
 | smtplib_bad_subparts.py:17:12:17:18 | ControlFlowNode for request | smtplib_bad_subparts.py:17:12:17:23 | ControlFlowNode for Attribute |
 | smtplib_bad_subparts.py:17:12:17:23 | ControlFlowNode for Attribute | smtplib_bad_subparts.py:17:12:17:33 | ControlFlowNode for Subscript |
 | smtplib_bad_subparts.py:17:12:17:33 | ControlFlowNode for Subscript | smtplib_bad_subparts.py:24:22:24:25 | ControlFlowNode for html |
-| smtplib_bad_via_attach.py:0:0:0:0 | ModuleVariableNode for smtplib_bad_via_attach.request | smtplib_bad_via_attach.py:20:12:20:18 | ControlFlowNode for request |
 | smtplib_bad_via_attach.py:2:26:2:32 | ControlFlowNode for ImportMember | smtplib_bad_via_attach.py:2:26:2:32 | GSSA Variable request |
-| smtplib_bad_via_attach.py:2:26:2:32 | GSSA Variable request | smtplib_bad_via_attach.py:0:0:0:0 | ModuleVariableNode for smtplib_bad_via_attach.request |
+| smtplib_bad_via_attach.py:2:26:2:32 | GSSA Variable request | smtplib_bad_via_attach.py:20:12:20:18 | ControlFlowNode for request |
 | smtplib_bad_via_attach.py:20:12:20:18 | ControlFlowNode for request | smtplib_bad_via_attach.py:20:12:20:23 | ControlFlowNode for Attribute |
 | smtplib_bad_via_attach.py:20:12:20:23 | ControlFlowNode for Attribute | smtplib_bad_via_attach.py:20:12:20:31 | ControlFlowNode for Subscript |
 | smtplib_bad_via_attach.py:20:12:20:31 | ControlFlowNode for Subscript | smtplib_bad_via_attach.py:27:22:27:25 | ControlFlowNode for html |
@@ -56,7 +51,6 @@ nodes
 | django_mail.py:14:48:14:82 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | django_mail.py:23:30:23:64 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | django_mail.py:25:32:25:66 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| flask_mail.py:0:0:0:0 | ModuleVariableNode for flask_mail.request | semmle.label | ModuleVariableNode for flask_mail.request |
 | flask_mail.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | flask_mail.py:1:19:1:25 | GSSA Variable request | semmle.label | GSSA Variable request |
 | flask_mail.py:13:22:13:28 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
@@ -68,7 +62,6 @@ nodes
 | flask_mail.py:31:24:31:30 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | flask_mail.py:31:24:31:35 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | flask_mail.py:31:24:31:43 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| sendgrid_mail.py:0:0:0:0 | ModuleVariableNode for sendgrid_mail.request | semmle.label | ModuleVariableNode for sendgrid_mail.request |
 | sendgrid_mail.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | sendgrid_mail.py:1:19:1:25 | GSSA Variable request | semmle.label | GSSA Variable request |
 | sendgrid_mail.py:14:22:14:28 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
@@ -81,7 +74,6 @@ nodes
 | sendgrid_mail.py:37:41:37:47 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | sendgrid_mail.py:37:41:37:52 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | sendgrid_mail.py:37:41:37:68 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| sendgrid_via_mail_send_post_request_body_bad.py:0:0:0:0 | ModuleVariableNode for sendgrid_via_mail_send_post_request_body_bad.request | semmle.label | ModuleVariableNode for sendgrid_via_mail_send_post_request_body_bad.request |
 | sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | sendgrid_via_mail_send_post_request_body_bad.py:3:19:3:25 | GSSA Variable request | semmle.label | GSSA Variable request |
 | sendgrid_via_mail_send_post_request_body_bad.py:16:26:16:79 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
@@ -96,14 +88,12 @@ nodes
 | sendgrid_via_mail_send_post_request_body_bad.py:41:50:41:56 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | sendgrid_via_mail_send_post_request_body_bad.py:41:50:41:61 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | sendgrid_via_mail_send_post_request_body_bad.py:41:50:41:78 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
-| smtplib_bad_subparts.py:0:0:0:0 | ModuleVariableNode for smtplib_bad_subparts.request | semmle.label | ModuleVariableNode for smtplib_bad_subparts.request |
 | smtplib_bad_subparts.py:2:26:2:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | smtplib_bad_subparts.py:2:26:2:32 | GSSA Variable request | semmle.label | GSSA Variable request |
 | smtplib_bad_subparts.py:17:12:17:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | smtplib_bad_subparts.py:17:12:17:23 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | smtplib_bad_subparts.py:17:12:17:33 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
 | smtplib_bad_subparts.py:24:22:24:25 | ControlFlowNode for html | semmle.label | ControlFlowNode for html |
-| smtplib_bad_via_attach.py:0:0:0:0 | ModuleVariableNode for smtplib_bad_via_attach.request | semmle.label | ModuleVariableNode for smtplib_bad_via_attach.request |
 | smtplib_bad_via_attach.py:2:26:2:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | smtplib_bad_via_attach.py:2:26:2:32 | GSSA Variable request | semmle.label | GSSA Variable request |
 | smtplib_bad_via_attach.py:20:12:20:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |

python/ql/test/experimental/query-tests/Security/CWE-113/HeaderInjection.expected

@@ -1,12 +1,11 @@
 edges
 | django_bad.py:5:18:5:58 | ControlFlowNode for Attribute() | django_bad.py:7:40:7:49 | ControlFlowNode for rfs_header |
 | django_bad.py:12:18:12:58 | ControlFlowNode for Attribute() | django_bad.py:14:30:14:39 | ControlFlowNode for rfs_header |
-| flask_bad.py:0:0:0:0 | ModuleVariableNode for flask_bad.request | flask_bad.py:9:18:9:24 | ControlFlowNode for request |
-| flask_bad.py:0:0:0:0 | ModuleVariableNode for flask_bad.request | flask_bad.py:19:18:19:24 | ControlFlowNode for request |
-| flask_bad.py:0:0:0:0 | ModuleVariableNode for flask_bad.request | flask_bad.py:27:18:27:24 | ControlFlowNode for request |
-| flask_bad.py:0:0:0:0 | ModuleVariableNode for flask_bad.request | flask_bad.py:35:18:35:24 | ControlFlowNode for request |
 | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | flask_bad.py:1:29:1:35 | GSSA Variable request |
-| flask_bad.py:1:29:1:35 | GSSA Variable request | flask_bad.py:0:0:0:0 | ModuleVariableNode for flask_bad.request |
+| flask_bad.py:1:29:1:35 | GSSA Variable request | flask_bad.py:9:18:9:24 | ControlFlowNode for request |
+| flask_bad.py:1:29:1:35 | GSSA Variable request | flask_bad.py:19:18:19:24 | ControlFlowNode for request |
+| flask_bad.py:1:29:1:35 | GSSA Variable request | flask_bad.py:27:18:27:24 | ControlFlowNode for request |
+| flask_bad.py:1:29:1:35 | GSSA Variable request | flask_bad.py:35:18:35:24 | ControlFlowNode for request |
 | flask_bad.py:9:18:9:24 | ControlFlowNode for request | flask_bad.py:9:18:9:29 | ControlFlowNode for Attribute |
 | flask_bad.py:9:18:9:29 | ControlFlowNode for Attribute | flask_bad.py:9:18:9:43 | ControlFlowNode for Subscript |
 | flask_bad.py:9:18:9:43 | ControlFlowNode for Subscript | flask_bad.py:12:31:12:40 | ControlFlowNode for rfs_header |
@@ -24,7 +23,6 @@ nodes
 | django_bad.py:7:40:7:49 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header |
 | django_bad.py:12:18:12:58 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | django_bad.py:14:30:14:39 | ControlFlowNode for rfs_header | semmle.label | ControlFlowNode for rfs_header |
-| flask_bad.py:0:0:0:0 | ModuleVariableNode for flask_bad.request | semmle.label | ModuleVariableNode for flask_bad.request |
 | flask_bad.py:1:29:1:35 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | flask_bad.py:1:29:1:35 | GSSA Variable request | semmle.label | GSSA Variable request |
 | flask_bad.py:9:18:9:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |

python/ql/test/experimental/query-tests/Security/CWE-1236/CsvInjection.expected

@@ -1,15 +1,13 @@
 edges
-| csv_bad.py:0:0:0:0 | ModuleVariableNode for csv_bad.request | csv_bad.py:16:16:16:22 | ControlFlowNode for request |
-| csv_bad.py:0:0:0:0 | ModuleVariableNode for csv_bad.request | csv_bad.py:24:16:24:22 | ControlFlowNode for request |
 | csv_bad.py:9:19:9:25 | ControlFlowNode for ImportMember | csv_bad.py:9:19:9:25 | GSSA Variable request |
-| csv_bad.py:9:19:9:25 | GSSA Variable request | csv_bad.py:0:0:0:0 | ModuleVariableNode for csv_bad.request |
+| csv_bad.py:9:19:9:25 | GSSA Variable request | csv_bad.py:16:16:16:22 | ControlFlowNode for request |
+| csv_bad.py:9:19:9:25 | GSSA Variable request | csv_bad.py:24:16:24:22 | ControlFlowNode for request |
 | csv_bad.py:16:16:16:22 | ControlFlowNode for request | csv_bad.py:16:16:16:27 | ControlFlowNode for Attribute |
 | csv_bad.py:16:16:16:27 | ControlFlowNode for Attribute | csv_bad.py:18:24:18:31 | ControlFlowNode for csv_data |
 | csv_bad.py:16:16:16:27 | ControlFlowNode for Attribute | csv_bad.py:19:25:19:32 | ControlFlowNode for csv_data |
 | csv_bad.py:24:16:24:22 | ControlFlowNode for request | csv_bad.py:24:16:24:27 | ControlFlowNode for Attribute |
 | csv_bad.py:24:16:24:27 | ControlFlowNode for Attribute | csv_bad.py:25:46:25:53 | ControlFlowNode for csv_data |
 nodes
-| csv_bad.py:0:0:0:0 | ModuleVariableNode for csv_bad.request | semmle.label | ModuleVariableNode for csv_bad.request |
 | csv_bad.py:9:19:9:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | csv_bad.py:9:19:9:25 | GSSA Variable request | semmle.label | GSSA Variable request |
 | csv_bad.py:16:16:16:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |

python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstSensitiveInfo/PossibleTimingAttackAgainstSensitiveInfo.expected

@@ -1,10 +1,9 @@
 edges
-| TimingAttackAgainstSensitiveInfo.py:0:0:0:0 | ModuleVariableNode for TimingAttackAgainstSensitiveInfo.request | TimingAttackAgainstSensitiveInfo.py:14:8:14:14 | ControlFlowNode for request |
-| TimingAttackAgainstSensitiveInfo.py:0:0:0:0 | ModuleVariableNode for TimingAttackAgainstSensitiveInfo.request | TimingAttackAgainstSensitiveInfo.py:15:20:15:26 | ControlFlowNode for request |
-| TimingAttackAgainstSensitiveInfo.py:0:0:0:0 | ModuleVariableNode for TimingAttackAgainstSensitiveInfo.request | TimingAttackAgainstSensitiveInfo.py:20:8:20:14 | ControlFlowNode for request |
-| TimingAttackAgainstSensitiveInfo.py:0:0:0:0 | ModuleVariableNode for TimingAttackAgainstSensitiveInfo.request | TimingAttackAgainstSensitiveInfo.py:21:20:21:26 | ControlFlowNode for request |
 | TimingAttackAgainstSensitiveInfo.py:7:19:7:25 | ControlFlowNode for ImportMember | TimingAttackAgainstSensitiveInfo.py:7:19:7:25 | GSSA Variable request |
-| TimingAttackAgainstSensitiveInfo.py:7:19:7:25 | GSSA Variable request | TimingAttackAgainstSensitiveInfo.py:0:0:0:0 | ModuleVariableNode for TimingAttackAgainstSensitiveInfo.request |
+| TimingAttackAgainstSensitiveInfo.py:7:19:7:25 | GSSA Variable request | TimingAttackAgainstSensitiveInfo.py:14:8:14:14 | ControlFlowNode for request |
+| TimingAttackAgainstSensitiveInfo.py:7:19:7:25 | GSSA Variable request | TimingAttackAgainstSensitiveInfo.py:15:20:15:26 | ControlFlowNode for request |
+| TimingAttackAgainstSensitiveInfo.py:7:19:7:25 | GSSA Variable request | TimingAttackAgainstSensitiveInfo.py:20:8:20:14 | ControlFlowNode for request |
+| TimingAttackAgainstSensitiveInfo.py:7:19:7:25 | GSSA Variable request | TimingAttackAgainstSensitiveInfo.py:21:20:21:26 | ControlFlowNode for request |
 | TimingAttackAgainstSensitiveInfo.py:14:8:14:14 | ControlFlowNode for request | TimingAttackAgainstSensitiveInfo.py:15:20:15:31 | ControlFlowNode for Attribute |
 | TimingAttackAgainstSensitiveInfo.py:15:20:15:26 | ControlFlowNode for request | TimingAttackAgainstSensitiveInfo.py:15:20:15:31 | ControlFlowNode for Attribute |
 | TimingAttackAgainstSensitiveInfo.py:15:20:15:31 | ControlFlowNode for Attribute | TimingAttackAgainstSensitiveInfo.py:15:20:15:38 | ControlFlowNode for Subscript |
@@ -14,7 +13,6 @@ edges
 | TimingAttackAgainstSensitiveInfo.py:21:20:21:31 | ControlFlowNode for Attribute | TimingAttackAgainstSensitiveInfo.py:21:20:21:38 | ControlFlowNode for Subscript |
 | TimingAttackAgainstSensitiveInfo.py:21:20:21:38 | ControlFlowNode for Subscript | TimingAttackAgainstSensitiveInfo.py:22:38:22:45 | ControlFlowNode for password |
 nodes
-| TimingAttackAgainstSensitiveInfo.py:0:0:0:0 | ModuleVariableNode for TimingAttackAgainstSensitiveInfo.request | semmle.label | ModuleVariableNode for TimingAttackAgainstSensitiveInfo.request |
 | TimingAttackAgainstSensitiveInfo.py:7:19:7:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | TimingAttackAgainstSensitiveInfo.py:7:19:7:25 | GSSA Variable request | semmle.label | GSSA Variable request |
 | TimingAttackAgainstSensitiveInfo.py:14:8:14:14 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |

python/ql/test/experimental/query-tests/Security/CWE-327-UnsafeUsageOfClientSideEncryptionVersion/UnsafeUsageOfClientSideEncryptionVersion.expected

@@ -1,8 +1,7 @@
 edges
-| test.py:0:0:0:0 | ModuleVariableNode for test.BSC | test.py:7:19:7:21 | ControlFlowNode for BSC |
-| test.py:0:0:0:0 | ModuleVariableNode for test.BSC | test.py:35:19:35:21 | ControlFlowNode for BSC |
-| test.py:0:0:0:0 | ModuleVariableNode for test.BSC | test.py:66:19:66:21 | ControlFlowNode for BSC |
-| test.py:3:1:3:3 | GSSA Variable BSC | test.py:0:0:0:0 | ModuleVariableNode for test.BSC |
+| test.py:3:1:3:3 | GSSA Variable BSC | test.py:7:19:7:21 | ControlFlowNode for BSC |
+| test.py:3:1:3:3 | GSSA Variable BSC | test.py:35:19:35:21 | ControlFlowNode for BSC |
+| test.py:3:1:3:3 | GSSA Variable BSC | test.py:66:19:66:21 | ControlFlowNode for BSC |
 | test.py:3:7:3:51 | ControlFlowNode for Attribute() | test.py:3:1:3:3 | GSSA Variable BSC |
 | test.py:7:19:7:21 | ControlFlowNode for BSC | test.py:8:5:8:15 | ControlFlowNode for blob_client |
 | test.py:8:5:8:15 | ControlFlowNode for blob_client | test.py:9:5:9:15 | ControlFlowNode for blob_client |
@@ -27,7 +26,6 @@ edges
 | test.py:69:12:69:22 | ControlFlowNode for blob_client | test.py:73:10:73:33 | ControlFlowNode for get_unsafe_blob_client() |
 | test.py:73:10:73:33 | ControlFlowNode for get_unsafe_blob_client() | test.py:75:9:75:10 | ControlFlowNode for bc |
 nodes
-| test.py:0:0:0:0 | ModuleVariableNode for test.BSC | semmle.label | ModuleVariableNode for test.BSC |
 | test.py:3:1:3:3 | GSSA Variable BSC | semmle.label | GSSA Variable BSC |
 | test.py:3:7:3:51 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | test.py:7:19:7:21 | ControlFlowNode for BSC | semmle.label | ControlFlowNode for BSC |

python/ql/test/experimental/query-tests/Security/CWE-522/LDAPInsecureAuth.expected

@@ -1,7 +1,6 @@
 edges
-| ldap3_remote.py:0:0:0:0 | ModuleVariableNode for ldap3_remote.request | ldap3_remote.py:138:21:138:27 | ControlFlowNode for request |
 | ldap3_remote.py:2:19:2:25 | ControlFlowNode for ImportMember | ldap3_remote.py:2:19:2:25 | GSSA Variable request |
-| ldap3_remote.py:2:19:2:25 | GSSA Variable request | ldap3_remote.py:0:0:0:0 | ModuleVariableNode for ldap3_remote.request |
+| ldap3_remote.py:2:19:2:25 | GSSA Variable request | ldap3_remote.py:138:21:138:27 | ControlFlowNode for request |
 | ldap3_remote.py:101:12:101:49 | ControlFlowNode for BinaryExpr | ldap3_remote.py:102:18:102:21 | ControlFlowNode for host |
 | ldap3_remote.py:114:12:114:49 | ControlFlowNode for BinaryExpr | ldap3_remote.py:115:18:115:21 | ControlFlowNode for host |
 | ldap3_remote.py:126:12:126:31 | ControlFlowNode for BinaryExpr | ldap3_remote.py:127:18:127:21 | ControlFlowNode for host |
@@ -11,7 +10,6 @@ edges
 nodes
 | ldap2_remote.py:45:41:45:60 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
 | ldap2_remote.py:56:41:56:60 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
-| ldap3_remote.py:0:0:0:0 | ModuleVariableNode for ldap3_remote.request | semmle.label | ModuleVariableNode for ldap3_remote.request |
 | ldap3_remote.py:2:19:2:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | ldap3_remote.py:2:19:2:25 | GSSA Variable request | semmle.label | GSSA Variable request |
 | ldap3_remote.py:101:12:101:49 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |

python/ql/test/experimental/query-tests/Security/CWE-614/CookieInjection.expected

@@ -1,12 +1,11 @@
 edges
 | django_bad.py:27:33:27:67 | ControlFlowNode for Attribute() | django_bad.py:27:30:27:124 | ControlFlowNode for Fstring |
 | django_bad.py:27:71:27:106 | ControlFlowNode for Attribute() | django_bad.py:27:30:27:124 | ControlFlowNode for Fstring |
-| flask_bad.py:0:0:0:0 | ModuleVariableNode for flask_bad.request | flask_bad.py:24:21:24:27 | ControlFlowNode for request |
-| flask_bad.py:0:0:0:0 | ModuleVariableNode for flask_bad.request | flask_bad.py:24:49:24:55 | ControlFlowNode for request |
-| flask_bad.py:0:0:0:0 | ModuleVariableNode for flask_bad.request | flask_bad.py:32:37:32:43 | ControlFlowNode for request |
-| flask_bad.py:0:0:0:0 | ModuleVariableNode for flask_bad.request | flask_bad.py:32:60:32:66 | ControlFlowNode for request |
 | flask_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_bad.py:1:26:1:32 | GSSA Variable request |
-| flask_bad.py:1:26:1:32 | GSSA Variable request | flask_bad.py:0:0:0:0 | ModuleVariableNode for flask_bad.request |
+| flask_bad.py:1:26:1:32 | GSSA Variable request | flask_bad.py:24:21:24:27 | ControlFlowNode for request |
+| flask_bad.py:1:26:1:32 | GSSA Variable request | flask_bad.py:24:49:24:55 | ControlFlowNode for request |
+| flask_bad.py:1:26:1:32 | GSSA Variable request | flask_bad.py:32:37:32:43 | ControlFlowNode for request |
+| flask_bad.py:1:26:1:32 | GSSA Variable request | flask_bad.py:32:60:32:66 | ControlFlowNode for request |
 | flask_bad.py:24:21:24:27 | ControlFlowNode for request | flask_bad.py:24:21:24:32 | ControlFlowNode for Attribute |
 | flask_bad.py:24:21:24:27 | ControlFlowNode for request | flask_bad.py:24:49:24:60 | ControlFlowNode for Attribute |
 | flask_bad.py:24:21:24:32 | ControlFlowNode for Attribute | flask_bad.py:24:21:24:40 | ControlFlowNode for Subscript |
@@ -25,7 +24,6 @@ nodes
 | django_bad.py:27:30:27:124 | ControlFlowNode for Fstring | semmle.label | ControlFlowNode for Fstring |
 | django_bad.py:27:33:27:67 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | django_bad.py:27:71:27:106 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
-| flask_bad.py:0:0:0:0 | ModuleVariableNode for flask_bad.request | semmle.label | ModuleVariableNode for flask_bad.request |
 | flask_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | flask_bad.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request |
 | flask_bad.py:24:21:24:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |

python/ql/test/experimental/query-tests/Security/CWE-943/NoSQLInjection.expected

@@ -1,8 +1,7 @@
 edges
-| flask_mongoengine_bad.py:0:0:0:0 | ModuleVariableNode for flask_mongoengine_bad.request | flask_mongoengine_bad.py:19:21:19:27 | ControlFlowNode for request |
-| flask_mongoengine_bad.py:0:0:0:0 | ModuleVariableNode for flask_mongoengine_bad.request | flask_mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request |
 | flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_mongoengine_bad.py:1:26:1:32 | GSSA Variable request |
-| flask_mongoengine_bad.py:1:26:1:32 | GSSA Variable request | flask_mongoengine_bad.py:0:0:0:0 | ModuleVariableNode for flask_mongoengine_bad.request |
+| flask_mongoengine_bad.py:1:26:1:32 | GSSA Variable request | flask_mongoengine_bad.py:19:21:19:27 | ControlFlowNode for request |
+| flask_mongoengine_bad.py:1:26:1:32 | GSSA Variable request | flask_mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request |
 | flask_mongoengine_bad.py:19:21:19:27 | ControlFlowNode for request | flask_mongoengine_bad.py:19:21:19:32 | ControlFlowNode for Attribute |
 | flask_mongoengine_bad.py:19:21:19:32 | ControlFlowNode for Attribute | flask_mongoengine_bad.py:19:21:19:42 | ControlFlowNode for Subscript |
 | flask_mongoengine_bad.py:19:21:19:42 | ControlFlowNode for Subscript | flask_mongoengine_bad.py:20:30:20:42 | ControlFlowNode for unsafe_search |
@@ -13,22 +12,20 @@ edges
 | flask_mongoengine_bad.py:26:21:26:42 | ControlFlowNode for Subscript | flask_mongoengine_bad.py:27:30:27:42 | ControlFlowNode for unsafe_search |
 | flask_mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() | flask_mongoengine_bad.py:30:39:30:59 | ControlFlowNode for Dict |
 | flask_mongoengine_bad.py:27:30:27:42 | ControlFlowNode for unsafe_search | flask_mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() |
-| flask_pymongo_bad.py:0:0:0:0 | ModuleVariableNode for flask_pymongo_bad.request | flask_pymongo_bad.py:11:21:11:27 | ControlFlowNode for request |
 | flask_pymongo_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_pymongo_bad.py:1:26:1:32 | GSSA Variable request |
-| flask_pymongo_bad.py:1:26:1:32 | GSSA Variable request | flask_pymongo_bad.py:0:0:0:0 | ModuleVariableNode for flask_pymongo_bad.request |
+| flask_pymongo_bad.py:1:26:1:32 | GSSA Variable request | flask_pymongo_bad.py:11:21:11:27 | ControlFlowNode for request |
 | flask_pymongo_bad.py:11:21:11:27 | ControlFlowNode for request | flask_pymongo_bad.py:11:21:11:32 | ControlFlowNode for Attribute |
 | flask_pymongo_bad.py:11:21:11:32 | ControlFlowNode for Attribute | flask_pymongo_bad.py:11:21:11:42 | ControlFlowNode for Subscript |
 | flask_pymongo_bad.py:11:21:11:42 | ControlFlowNode for Subscript | flask_pymongo_bad.py:12:30:12:42 | ControlFlowNode for unsafe_search |
 | flask_pymongo_bad.py:12:19:12:43 | ControlFlowNode for Attribute() | flask_pymongo_bad.py:14:31:14:51 | ControlFlowNode for Dict |
 | flask_pymongo_bad.py:12:30:12:42 | ControlFlowNode for unsafe_search | flask_pymongo_bad.py:12:19:12:43 | ControlFlowNode for Attribute() |
-| mongoengine_bad.py:0:0:0:0 | ModuleVariableNode for mongoengine_bad.request | mongoengine_bad.py:18:21:18:27 | ControlFlowNode for request |
-| mongoengine_bad.py:0:0:0:0 | ModuleVariableNode for mongoengine_bad.request | mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request |
-| mongoengine_bad.py:0:0:0:0 | ModuleVariableNode for mongoengine_bad.request | mongoengine_bad.py:34:21:34:27 | ControlFlowNode for request |
-| mongoengine_bad.py:0:0:0:0 | ModuleVariableNode for mongoengine_bad.request | mongoengine_bad.py:42:21:42:27 | ControlFlowNode for request |
-| mongoengine_bad.py:0:0:0:0 | ModuleVariableNode for mongoengine_bad.request | mongoengine_bad.py:50:21:50:27 | ControlFlowNode for request |
-| mongoengine_bad.py:0:0:0:0 | ModuleVariableNode for mongoengine_bad.request | mongoengine_bad.py:57:21:57:27 | ControlFlowNode for request |
 | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | mongoengine_bad.py:1:26:1:32 | GSSA Variable request |
-| mongoengine_bad.py:1:26:1:32 | GSSA Variable request | mongoengine_bad.py:0:0:0:0 | ModuleVariableNode for mongoengine_bad.request |
+| mongoengine_bad.py:1:26:1:32 | GSSA Variable request | mongoengine_bad.py:18:21:18:27 | ControlFlowNode for request |
+| mongoengine_bad.py:1:26:1:32 | GSSA Variable request | mongoengine_bad.py:26:21:26:27 | ControlFlowNode for request |
+| mongoengine_bad.py:1:26:1:32 | GSSA Variable request | mongoengine_bad.py:34:21:34:27 | ControlFlowNode for request |
+| mongoengine_bad.py:1:26:1:32 | GSSA Variable request | mongoengine_bad.py:42:21:42:27 | ControlFlowNode for request |
+| mongoengine_bad.py:1:26:1:32 | GSSA Variable request | mongoengine_bad.py:50:21:50:27 | ControlFlowNode for request |
+| mongoengine_bad.py:1:26:1:32 | GSSA Variable request | mongoengine_bad.py:57:21:57:27 | ControlFlowNode for request |
 | mongoengine_bad.py:18:21:18:27 | ControlFlowNode for request | mongoengine_bad.py:18:21:18:32 | ControlFlowNode for Attribute |
 | mongoengine_bad.py:18:21:18:32 | ControlFlowNode for Attribute | mongoengine_bad.py:18:21:18:42 | ControlFlowNode for Subscript |
 | mongoengine_bad.py:18:21:18:42 | ControlFlowNode for Subscript | mongoengine_bad.py:19:30:19:42 | ControlFlowNode for unsafe_search |
@@ -59,11 +56,10 @@ edges
 | mongoengine_bad.py:57:21:57:42 | ControlFlowNode for Subscript | mongoengine_bad.py:58:30:58:42 | ControlFlowNode for unsafe_search |
 | mongoengine_bad.py:58:19:58:43 | ControlFlowNode for Attribute() | mongoengine_bad.py:61:29:61:49 | ControlFlowNode for Dict |
 | mongoengine_bad.py:58:30:58:42 | ControlFlowNode for unsafe_search | mongoengine_bad.py:58:19:58:43 | ControlFlowNode for Attribute() |
-| pymongo_test.py:0:0:0:0 | ModuleVariableNode for pymongo_test.request | pymongo_test.py:12:21:12:27 | ControlFlowNode for request |
-| pymongo_test.py:0:0:0:0 | ModuleVariableNode for pymongo_test.request | pymongo_test.py:29:27:29:33 | ControlFlowNode for request |
-| pymongo_test.py:0:0:0:0 | ModuleVariableNode for pymongo_test.request | pymongo_test.py:39:27:39:33 | ControlFlowNode for request |
 | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | pymongo_test.py:1:26:1:32 | GSSA Variable request |
-| pymongo_test.py:1:26:1:32 | GSSA Variable request | pymongo_test.py:0:0:0:0 | ModuleVariableNode for pymongo_test.request |
+| pymongo_test.py:1:26:1:32 | GSSA Variable request | pymongo_test.py:12:21:12:27 | ControlFlowNode for request |
+| pymongo_test.py:1:26:1:32 | GSSA Variable request | pymongo_test.py:29:27:29:33 | ControlFlowNode for request |
+| pymongo_test.py:1:26:1:32 | GSSA Variable request | pymongo_test.py:39:27:39:33 | ControlFlowNode for request |
 | pymongo_test.py:12:21:12:27 | ControlFlowNode for request | pymongo_test.py:12:21:12:32 | ControlFlowNode for Attribute |
 | pymongo_test.py:12:21:12:32 | ControlFlowNode for Attribute | pymongo_test.py:12:21:12:42 | ControlFlowNode for Subscript |
 | pymongo_test.py:12:21:12:42 | ControlFlowNode for Subscript | pymongo_test.py:13:30:13:42 | ControlFlowNode for unsafe_search |
@@ -78,7 +74,6 @@ edges
 | pymongo_test.py:39:27:39:38 | ControlFlowNode for Attribute | pymongo_test.py:39:27:39:50 | ControlFlowNode for Subscript |
 | pymongo_test.py:39:27:39:50 | ControlFlowNode for Subscript | pymongo_test.py:39:16:39:51 | ControlFlowNode for Attribute() |
 nodes
-| flask_mongoengine_bad.py:0:0:0:0 | ModuleVariableNode for flask_mongoengine_bad.request | semmle.label | ModuleVariableNode for flask_mongoengine_bad.request |
 | flask_mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | flask_mongoengine_bad.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request |
 | flask_mongoengine_bad.py:19:21:19:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
@@ -93,7 +88,6 @@ nodes
 | flask_mongoengine_bad.py:27:19:27:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | flask_mongoengine_bad.py:27:30:27:42 | ControlFlowNode for unsafe_search | semmle.label | ControlFlowNode for unsafe_search |
 | flask_mongoengine_bad.py:30:39:30:59 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict |
-| flask_pymongo_bad.py:0:0:0:0 | ModuleVariableNode for flask_pymongo_bad.request | semmle.label | ModuleVariableNode for flask_pymongo_bad.request |
 | flask_pymongo_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | flask_pymongo_bad.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request |
 | flask_pymongo_bad.py:11:21:11:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
@@ -102,7 +96,6 @@ nodes
 | flask_pymongo_bad.py:12:19:12:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | flask_pymongo_bad.py:12:30:12:42 | ControlFlowNode for unsafe_search | semmle.label | ControlFlowNode for unsafe_search |
 | flask_pymongo_bad.py:14:31:14:51 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict |
-| mongoengine_bad.py:0:0:0:0 | ModuleVariableNode for mongoengine_bad.request | semmle.label | ModuleVariableNode for mongoengine_bad.request |
 | mongoengine_bad.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | mongoengine_bad.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request |
 | mongoengine_bad.py:18:21:18:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
@@ -141,7 +134,6 @@ nodes
 | mongoengine_bad.py:58:19:58:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
 | mongoengine_bad.py:58:30:58:42 | ControlFlowNode for unsafe_search | semmle.label | ControlFlowNode for unsafe_search |
 | mongoengine_bad.py:61:29:61:49 | ControlFlowNode for Dict | semmle.label | ControlFlowNode for Dict |
-| pymongo_test.py:0:0:0:0 | ModuleVariableNode for pymongo_test.request | semmle.label | ModuleVariableNode for pymongo_test.request |
 | pymongo_test.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | pymongo_test.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request |
 | pymongo_test.py:12:21:12:27 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |

python/ql/test/library-tests/ApiGraphs/py2/use.ql

@@ -13,12 +13,12 @@ class ApiUseTest extends InlineExpectationsTest {
   }
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
-    exists(DataFlow::Node n | relevant_node(_, n, location) |
+    exists(DataFlow::Node n | this.relevant_node(_, n, location) |
       tag = "use" and
       // Only report the longest path on this line:
       value =
         max(API::Node a2, Location l2 |
-          relevant_node(a2, _, l2) and
+          this.relevant_node(a2, _, l2) and
           l2.getFile() = location.getFile() and
           l2.getStartLine() = location.getStartLine()
         |

python/ql/test/library-tests/ApiGraphs/py3/dataflow-consistency.expected

@@ -3,6 +3,7 @@ uniqueCallEnclosingCallable
 | test_captured.py:7:22:7:25 | p() | Call should have one enclosing callable but has 0. |
 | test_captured.py:7:22:7:25 | p() | Call should have one enclosing callable but has 0. |
 | test_captured.py:14:26:14:30 | pp() | Call should have one enclosing callable but has 0. |
+| test_captured.py:14:26:14:30 | pp() | Call should have one enclosing callable but has 0. |
 uniqueType
 uniqueNodeLocation
 missingLocation
@@ -26,3 +27,6 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
+| test_captured.py:7:22:7:22 | ControlFlowNode for p | Node steps to itself |
+| test_captured.py:14:26:14:27 | ControlFlowNode for pp | Node steps to itself |

python/ql/test/library-tests/ApiGraphs/py3/test.py

@@ -89,7 +89,7 @@ def use_of_builtins():
 def imported_builtins():
     import builtins #$ use=moduleImport("builtins")
     def open(f):
-        return builtins.open(f) #$ MISSING: use=moduleImport("builtins").getMember("open").getReturn()
+        return builtins.open(f) #$ use=moduleImport("builtins").getMember("open").getReturn()
 
 def redefine_print():
     def my_print(x):

python/ql/test/library-tests/ApiGraphs/py3/test_captured.py

@@ -11,4 +11,4 @@ def pp_list(l):
         return escape(x) #$ use=moduleImport("html").getMember("escape").getReturn()
 
     def pp_list_inner(l):
-        return ", ".join(pp(x) for x in l) #$ MISSING: use=moduleImport("html").getMember("escape").getReturn()
+        return ", ".join(pp(x) for x in l) #$ use=moduleImport("html").getMember("escape").getReturn()

python/ql/test/library-tests/ApiGraphs/py3/test_captured_flask.py

@@ -0,0 +1,14 @@
+from flask import Flask
+from flask_sqlalchemy import SQLAlchemy
+from flask_user import UserMixin
+
+def create_app():
+  app = Flask(__name__)
+  db = SQLAlchemy(app)  #$ use=moduleImport("flask_sqlalchemy").getMember("SQLAlchemy").getReturn()
+
+  class Users(db.Model, UserMixin):  #$ use=moduleImport("flask_sqlalchemy").getMember("SQLAlchemy").getReturn().getMember("Model").getASubclass()
+      __tablename__ = 'users'
+
+  @app.route('/v2/user/<int:id>', methods=['GET','PUT'])
+  def users(id):
+      Users.query.filter_by(id=id).first()  #$ use=moduleImport("flask_sqlalchemy").getMember("SQLAlchemy").getReturn().getMember("Model").getASubclass().getMember("query").getMember("filter_by")

python/ql/test/library-tests/ApiGraphs/py3/test_captured_inheritance.py

@@ -0,0 +1,26 @@
+from foo import A, B
+
+def func():
+    if cond():
+        class Foo(A): pass
+    else:
+        class Foo(B): pass
+
+    class Bar(A): pass
+    class Bar(B): pass
+
+    class Baz(A): pass
+    
+    def other_func():
+        print(Foo)  #$ use=moduleImport("foo").getMember("A").getASubclass() use=moduleImport("foo").getMember("B").getASubclass()
+        # On the next line, we wish to express that it is not possible for `Bar` to be a subclass of `A`.
+        # However, we have no "true negative" annotation, so we use the MISSING annotation instead.
+        # (Normally, "true negative" is not needed as all applicable annotations must be present,
+        # but these API graph tests work differently, since having all results recorded in annotations 
+        # would be excessive)
+        print(Bar)  #$ use=moduleImport("foo").getMember("B").getASubclass() MISSING: use=moduleImport("foo").getMember("A").getASubclass()
+        print(Baz)  #$ use=moduleImport("foo").getMember("B").getASubclass() SPURIOUS: use=moduleImport("foo").getMember("A").getASubclass()
+
+    class Baz(B): pass
+
+    other_func()

python/ql/test/library-tests/ApiGraphs/py3/test_import_star.py

@@ -32,5 +32,5 @@ def func1():
 def func3():
     var2 = print #$ use=moduleImport("builtins").getMember("print")
     def func4():
-        var2() #$ MISSING: use=moduleImport("builtins").getMember("print").getReturn()
+        var2() #$ use=moduleImport("builtins").getMember("print").getReturn()
     func4()

python/ql/test/library-tests/frameworks/django-orm/dataflow-consistency.expected

@@ -106,3 +106,22 @@ viableImplInCallContextTooLarge
 uniqueParameterNodeAtPosition
 uniqueParameterNodePosition
 uniqueContentApprox
+identityLocalStep
+| testapp/orm_tests.py:217:24:217:29 | ControlFlowNode for SOURCE | Node steps to itself |
+| testapp/orm_tests.py:244:24:244:29 | ControlFlowNode for SOURCE | Node steps to itself |
+| testapp/orm_tests.py:283:20:283:25 | ControlFlowNode for SOURCE | Node steps to itself |
+| testapp/orm_tests.py:299:15:299:22 | ControlFlowNode for TestLoad | Node steps to itself |
+| testapp/orm_tests.py:300:20:300:25 | ControlFlowNode for SOURCE | Node steps to itself |
+| testapp/orm_tests.py:310:9:310:12 | ControlFlowNode for SINK | Node steps to itself |
+| testapp/orm_tests.py:316:9:316:12 | ControlFlowNode for SINK | Node steps to itself |
+| testapp/orm_tests.py:326:9:326:12 | ControlFlowNode for SINK | Node steps to itself |
+| testapp/orm_tests.py:333:9:333:12 | ControlFlowNode for SINK | Node steps to itself |
+| testapp/orm_tests.py:339:9:339:12 | ControlFlowNode for SINK | Node steps to itself |
+| testapp/orm_tests.py:346:9:346:12 | ControlFlowNode for SINK | Node steps to itself |
+| testapp/orm_tests.py:352:9:352:12 | ControlFlowNode for SINK | Node steps to itself |
+| testapp/orm_tests.py:358:9:358:12 | ControlFlowNode for SINK | Node steps to itself |
+| testapp/orm_tests.py:365:9:365:12 | ControlFlowNode for SINK | Node steps to itself |
+| testapp/tests.py:12:13:12:14 | ControlFlowNode for re | Node steps to itself |
+| testapp/tests.py:16:9:16:18 | ControlFlowNode for test_names | Node steps to itself |
+| testapp/tests.py:25:13:25:14 | ControlFlowNode for re | Node steps to itself |
+| testapp/tests.py:31:9:31:18 | ControlFlowNode for test_names | Node steps to itself |

python/ql/test/library-tests/regex/Alternation.ql

@@ -1,7 +1,7 @@
 import python
 import semmle.python.regex
 
-from Regex r, int start, int end, int part_start, int part_end
+from RegExp r, int start, int end, int part_start, int part_end
 where
   r.getLocation().getFile().getBaseName() = "test.py" and
   r.alternationOption(start, end, part_start, part_end)

python/ql/test/library-tests/regex/Characters.ql

@@ -6,6 +6,6 @@
 import python
 import semmle.python.regex
 
-from Regex r, int start, int end
+from RegExp r, int start, int end
 where r.character(start, end) and r.getLocation().getFile().getBaseName() = "test.py"
 select r.getText(), start, end

python/ql/test/library-tests/regex/Consistency.ql

@@ -7,6 +7,6 @@ import semmle.python.regex
 
 from string str, Location loc, int counter
 where
-  counter = strictcount(Regex term | term.getLocation() = loc and term.getText() = str) and
+  counter = strictcount(RegExp term | term.getLocation() = loc and term.getText() = str) and
   counter > 1
 select str, counter, loc

python/ql/test/library-tests/regex/FirstLast.ql

@@ -1,12 +1,12 @@
 import python
 import semmle.python.regex
 
-predicate part(Regex r, int start, int end, string kind) {
+predicate part(RegExp r, int start, int end, string kind) {
   r.lastItem(start, end) and kind = "last"
   or
   r.firstItem(start, end) and kind = "first"
 }
 
-from Regex r, int start, int end, string kind
+from RegExp r, int start, int end, string kind
 where part(r, start, end, kind) and r.getLocation().getFile().getBaseName() = "test.py"
 select r.getText(), kind, start, end

python/ql/test/library-tests/regex/GroupContents.ql

@@ -1,7 +1,7 @@
 import python
 import semmle.python.regex
 
-from Regex r, int start, int end, int part_start, int part_end
+from RegExp r, int start, int end, int part_start, int part_end
 where
   r.getLocation().getFile().getBaseName() = "test.py" and
   r.groupContents(start, end, part_start, part_end)

python/ql/test/library-tests/regex/Mode.ql

@@ -1,6 +1,6 @@
 import python
 import semmle.python.regex
 
-from Regex r
+from RegExp r
 where r.getLocation().getFile().getBaseName() = "test.py"
 select r.getLocation().getStartLine(), r.getAMode()

python/ql/test/library-tests/regex/Qualified.ql

@@ -1,7 +1,7 @@
 import python
 import semmle.python.regex
 
-from Regex r, int start, int end, boolean maybe_empty, boolean may_repeat_forever
+from RegExp r, int start, int end, boolean maybe_empty, boolean may_repeat_forever
 where
   r.getLocation().getFile().getBaseName() = "test.py" and
   r.qualifiedItem(start, end, maybe_empty, may_repeat_forever)

python/ql/test/library-tests/regex/Regex.ql

@@ -1,7 +1,7 @@
 import python
 import semmle.python.regex
 
-predicate part(Regex r, int start, int end, string kind) {
+predicate part(RegExp r, int start, int end, string kind) {
   r.alternation(start, end) and kind = "choice"
   or
   r.normalCharacter(start, end) and kind = "char"
@@ -23,6 +23,6 @@ predicate part(Regex r, int start, int end, string kind) {
   r.qualifiedItem(start, end, _, _) and kind = "qualified"
 }
 
-from Regex r, int start, int end, string kind
+from RegExp r, int start, int end, string kind
 where part(r, start, end, kind) and r.getLocation().getFile().getBaseName() = "test.py"
 select r.getText(), kind, start, end

python/ql/test/library-tests/regex/SubstructureTests.ql

@@ -10,7 +10,7 @@ class CharacterSetTest extends InlineExpectationsTest {
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     exists(location.getFile().getRelativePath()) and
     location.getFile().getBaseName() = "charSetTest.py" and
-    exists(Regex re, int start, int end |
+    exists(RegExp re, int start, int end |
       re.charSet(start, end) and
       location = re.getLocation() and
       element = re.getText().substring(start, end) and
@@ -28,7 +28,7 @@ class CharacterRangeTest extends InlineExpectationsTest {
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     exists(location.getFile().getRelativePath()) and
     location.getFile().getBaseName() = "charRangeTest.py" and
-    exists(Regex re, int start, int lower_end, int upper_start, int end |
+    exists(RegExp re, int start, int lower_end, int upper_start, int end |
       re.charRange(_, start, lower_end, upper_start, end) and
       location = re.getLocation() and
       element = re.getText().substring(start, end) and
@@ -46,7 +46,7 @@ class EscapeTest extends InlineExpectationsTest {
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     exists(location.getFile().getRelativePath()) and
     location.getFile().getBaseName() = "escapedCharacterTest.py" and
-    exists(Regex re, int start, int end |
+    exists(RegExp re, int start, int end |
       re.escapedCharacter(start, end) and
       location = re.getLocation() and
       element = re.getText().substring(start, end) and
@@ -64,7 +64,7 @@ class GroupTest extends InlineExpectationsTest {
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     exists(location.getFile().getRelativePath()) and
     location.getFile().getBaseName() = "groupTest.py" and
-    exists(Regex re, int start, int end |
+    exists(RegExp re, int start, int end |
       re.group(start, end) and
       location = re.getLocation() and
       element = re.getText().substring(start, end) and

python/ql/test/library-tests/regexparser/Consistency.ql

@@ -3,7 +3,7 @@
  */
 
 import python
-import semmle.python.RegexTreeView
+import semmle.python.regexp.RegexTreeView
 
 from string str, int counter, Location loc
 where

python/ql/test/qlpack.yml

@@ -5,3 +5,4 @@ dependencies:
     codeql/python-queries: ${workspace}
 extractor: python
 tests: .
+warnOnImplicitThis: true

python/ql/test/query-tests/Functions/ModificationOfParameterWithDefault/test.ql

@@ -14,7 +14,7 @@ class ModificationOfParameterWithDefaultTest extends InlineExpectationsTest {
   }
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
-    exists(DataFlow::Node n | relevant_node(n) |
+    exists(DataFlow::Node n | this.relevant_node(n) |
       n.getLocation() = location and
       tag = "modification" and
       value = prettyNode(n) and

python/ql/test/query-tests/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.expected

@@ -1,11 +1,10 @@
 edges
-| test.py:0:0:0:0 | ModuleVariableNode for test.request | test.py:13:16:13:22 | ControlFlowNode for request |
-| test.py:0:0:0:0 | ModuleVariableNode for test.request | test.py:23:16:23:22 | ControlFlowNode for request |
-| test.py:0:0:0:0 | ModuleVariableNode for test.request | test.py:34:12:34:18 | ControlFlowNode for request |
-| test.py:0:0:0:0 | ModuleVariableNode for test.request | test.py:42:12:42:18 | ControlFlowNode for request |
-| test.py:0:0:0:0 | ModuleVariableNode for test.request | test.py:54:12:54:18 | ControlFlowNode for request |
 | test.py:5:26:5:32 | ControlFlowNode for ImportMember | test.py:5:26:5:32 | GSSA Variable request |
-| test.py:5:26:5:32 | GSSA Variable request | test.py:0:0:0:0 | ModuleVariableNode for test.request |
+| test.py:5:26:5:32 | GSSA Variable request | test.py:13:16:13:22 | ControlFlowNode for request |
+| test.py:5:26:5:32 | GSSA Variable request | test.py:23:16:23:22 | ControlFlowNode for request |
+| test.py:5:26:5:32 | GSSA Variable request | test.py:34:12:34:18 | ControlFlowNode for request |
+| test.py:5:26:5:32 | GSSA Variable request | test.py:42:12:42:18 | ControlFlowNode for request |
+| test.py:5:26:5:32 | GSSA Variable request | test.py:54:12:54:18 | ControlFlowNode for request |
 | test.py:13:16:13:22 | ControlFlowNode for request | test.py:13:16:13:27 | ControlFlowNode for Attribute |
 | test.py:13:16:13:27 | ControlFlowNode for Attribute | test.py:15:36:15:39 | ControlFlowNode for data |
 | test.py:23:16:23:22 | ControlFlowNode for request | test.py:23:16:23:27 | ControlFlowNode for Attribute |
@@ -21,7 +20,6 @@ edges
 | test.py:54:12:54:23 | ControlFlowNode for Attribute | test.py:55:17:55:20 | ControlFlowNode for data |
 | test.py:55:17:55:20 | ControlFlowNode for data | test.py:47:17:47:19 | ControlFlowNode for arg |
 nodes
-| test.py:0:0:0:0 | ModuleVariableNode for test.request | semmle.label | ModuleVariableNode for test.request |
 | test.py:5:26:5:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | test.py:5:26:5:32 | GSSA Variable request | semmle.label | GSSA Variable request |
 | test.py:13:16:13:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |

python/ql/test/query-tests/Security/CWE-022-PathInjection/PathInjection.expected

@@ -1,22 +1,20 @@
 edges
-| flask_path_injection.py:0:0:0:0 | ModuleVariableNode for flask_path_injection.request | flask_path_injection.py:19:15:19:21 | ControlFlowNode for request |
 | flask_path_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | flask_path_injection.py:1:26:1:32 | GSSA Variable request |
-| flask_path_injection.py:1:26:1:32 | GSSA Variable request | flask_path_injection.py:0:0:0:0 | ModuleVariableNode for flask_path_injection.request |
+| flask_path_injection.py:1:26:1:32 | GSSA Variable request | flask_path_injection.py:19:15:19:21 | ControlFlowNode for request |
 | flask_path_injection.py:19:15:19:21 | ControlFlowNode for request | flask_path_injection.py:19:15:19:26 | ControlFlowNode for Attribute |
 | flask_path_injection.py:19:15:19:26 | ControlFlowNode for Attribute | flask_path_injection.py:21:32:21:38 | ControlFlowNode for dirname |
-| path_injection.py:0:0:0:0 | ModuleVariableNode for path_injection.request | path_injection.py:12:16:12:22 | ControlFlowNode for request |
-| path_injection.py:0:0:0:0 | ModuleVariableNode for path_injection.request | path_injection.py:19:16:19:22 | ControlFlowNode for request |
-| path_injection.py:0:0:0:0 | ModuleVariableNode for path_injection.request | path_injection.py:27:16:27:22 | ControlFlowNode for request |
-| path_injection.py:0:0:0:0 | ModuleVariableNode for path_injection.request | path_injection.py:46:16:46:22 | ControlFlowNode for request |
-| path_injection.py:0:0:0:0 | ModuleVariableNode for path_injection.request | path_injection.py:63:16:63:22 | ControlFlowNode for request |
-| path_injection.py:0:0:0:0 | ModuleVariableNode for path_injection.request | path_injection.py:84:16:84:22 | ControlFlowNode for request |
-| path_injection.py:0:0:0:0 | ModuleVariableNode for path_injection.request | path_injection.py:107:16:107:22 | ControlFlowNode for request |
-| path_injection.py:0:0:0:0 | ModuleVariableNode for path_injection.request | path_injection.py:118:16:118:22 | ControlFlowNode for request |
-| path_injection.py:0:0:0:0 | ModuleVariableNode for path_injection.request | path_injection.py:129:16:129:22 | ControlFlowNode for request |
-| path_injection.py:0:0:0:0 | ModuleVariableNode for path_injection.request | path_injection.py:138:16:138:22 | ControlFlowNode for request |
-| path_injection.py:0:0:0:0 | ModuleVariableNode for path_injection.request | path_injection.py:149:16:149:22 | ControlFlowNode for request |
 | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | path_injection.py:3:26:3:32 | GSSA Variable request |
-| path_injection.py:3:26:3:32 | GSSA Variable request | path_injection.py:0:0:0:0 | ModuleVariableNode for path_injection.request |
+| path_injection.py:3:26:3:32 | GSSA Variable request | path_injection.py:12:16:12:22 | ControlFlowNode for request |
+| path_injection.py:3:26:3:32 | GSSA Variable request | path_injection.py:19:16:19:22 | ControlFlowNode for request |
+| path_injection.py:3:26:3:32 | GSSA Variable request | path_injection.py:27:16:27:22 | ControlFlowNode for request |
+| path_injection.py:3:26:3:32 | GSSA Variable request | path_injection.py:46:16:46:22 | ControlFlowNode for request |
+| path_injection.py:3:26:3:32 | GSSA Variable request | path_injection.py:63:16:63:22 | ControlFlowNode for request |
+| path_injection.py:3:26:3:32 | GSSA Variable request | path_injection.py:84:16:84:22 | ControlFlowNode for request |
+| path_injection.py:3:26:3:32 | GSSA Variable request | path_injection.py:107:16:107:22 | ControlFlowNode for request |
+| path_injection.py:3:26:3:32 | GSSA Variable request | path_injection.py:118:16:118:22 | ControlFlowNode for request |
+| path_injection.py:3:26:3:32 | GSSA Variable request | path_injection.py:129:16:129:22 | ControlFlowNode for request |
+| path_injection.py:3:26:3:32 | GSSA Variable request | path_injection.py:138:16:138:22 | ControlFlowNode for request |
+| path_injection.py:3:26:3:32 | GSSA Variable request | path_injection.py:149:16:149:22 | ControlFlowNode for request |
 | path_injection.py:12:16:12:22 | ControlFlowNode for request | path_injection.py:12:16:12:27 | ControlFlowNode for Attribute |
 | path_injection.py:12:16:12:27 | ControlFlowNode for Attribute | path_injection.py:13:14:13:47 | ControlFlowNode for Attribute() |
 | path_injection.py:19:16:19:22 | ControlFlowNode for request | path_injection.py:19:16:19:27 | ControlFlowNode for Attribute |
@@ -49,15 +47,13 @@ edges
 | path_injection.py:138:16:138:27 | ControlFlowNode for Attribute | path_injection.py:142:14:142:17 | ControlFlowNode for path |
 | path_injection.py:149:16:149:22 | ControlFlowNode for request | path_injection.py:149:16:149:27 | ControlFlowNode for Attribute |
 | path_injection.py:149:16:149:27 | ControlFlowNode for Attribute | path_injection.py:152:18:152:21 | ControlFlowNode for path |
-| pathlib_use.py:0:0:0:0 | ModuleVariableNode for pathlib_use.request | pathlib_use.py:12:16:12:22 | ControlFlowNode for request |
 | pathlib_use.py:3:26:3:32 | ControlFlowNode for ImportMember | pathlib_use.py:3:26:3:32 | GSSA Variable request |
-| pathlib_use.py:3:26:3:32 | GSSA Variable request | pathlib_use.py:0:0:0:0 | ModuleVariableNode for pathlib_use.request |
+| pathlib_use.py:3:26:3:32 | GSSA Variable request | pathlib_use.py:12:16:12:22 | ControlFlowNode for request |
 | pathlib_use.py:12:16:12:22 | ControlFlowNode for request | pathlib_use.py:12:16:12:27 | ControlFlowNode for Attribute |
 | pathlib_use.py:12:16:12:27 | ControlFlowNode for Attribute | pathlib_use.py:14:5:14:5 | ControlFlowNode for p |
 | pathlib_use.py:12:16:12:27 | ControlFlowNode for Attribute | pathlib_use.py:17:5:17:6 | ControlFlowNode for p2 |
-| test.py:0:0:0:0 | ModuleVariableNode for test.request | test.py:9:12:9:18 | ControlFlowNode for request |
 | test.py:3:26:3:32 | ControlFlowNode for ImportMember | test.py:3:26:3:32 | GSSA Variable request |
-| test.py:3:26:3:32 | GSSA Variable request | test.py:0:0:0:0 | ModuleVariableNode for test.request |
+| test.py:3:26:3:32 | GSSA Variable request | test.py:9:12:9:18 | ControlFlowNode for request |
 | test.py:9:12:9:18 | ControlFlowNode for request | test.py:9:12:9:23 | ControlFlowNode for Attribute |
 | test.py:9:12:9:23 | ControlFlowNode for Attribute | test.py:9:12:9:39 | ControlFlowNode for Attribute() |
 | test.py:9:12:9:39 | ControlFlowNode for Attribute() | test.py:18:9:18:16 | ControlFlowNode for source() |
@@ -77,13 +73,11 @@ edges
 | test.py:48:23:48:23 | ControlFlowNode for x | test.py:12:15:12:15 | ControlFlowNode for x |
 | test.py:48:23:48:23 | ControlFlowNode for x | test.py:48:13:48:24 | ControlFlowNode for normalize() |
 nodes
-| flask_path_injection.py:0:0:0:0 | ModuleVariableNode for flask_path_injection.request | semmle.label | ModuleVariableNode for flask_path_injection.request |
 | flask_path_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | flask_path_injection.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request |
 | flask_path_injection.py:19:15:19:21 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | flask_path_injection.py:19:15:19:26 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | flask_path_injection.py:21:32:21:38 | ControlFlowNode for dirname | semmle.label | ControlFlowNode for dirname |
-| path_injection.py:0:0:0:0 | ModuleVariableNode for path_injection.request | semmle.label | ModuleVariableNode for path_injection.request |
 | path_injection.py:3:26:3:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | path_injection.py:3:26:3:32 | GSSA Variable request | semmle.label | GSSA Variable request |
 | path_injection.py:12:16:12:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
@@ -131,14 +125,12 @@ nodes
 | path_injection.py:149:16:149:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | path_injection.py:149:16:149:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | path_injection.py:152:18:152:21 | ControlFlowNode for path | semmle.label | ControlFlowNode for path |
-| pathlib_use.py:0:0:0:0 | ModuleVariableNode for pathlib_use.request | semmle.label | ModuleVariableNode for pathlib_use.request |
 | pathlib_use.py:3:26:3:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | pathlib_use.py:3:26:3:32 | GSSA Variable request | semmle.label | GSSA Variable request |
 | pathlib_use.py:12:16:12:22 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
 | pathlib_use.py:12:16:12:27 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
 | pathlib_use.py:14:5:14:5 | ControlFlowNode for p | semmle.label | ControlFlowNode for p |
 | pathlib_use.py:17:5:17:6 | ControlFlowNode for p2 | semmle.label | ControlFlowNode for p2 |
-| test.py:0:0:0:0 | ModuleVariableNode for test.request | semmle.label | ModuleVariableNode for test.request |
 | test.py:3:26:3:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | test.py:3:26:3:32 | GSSA Variable request | semmle.label | GSSA Variable request |
 | test.py:9:12:9:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |

python/ql/test/query-tests/Security/CWE-078-CommandInjection-py2/CommandInjection.expected

@@ -1,7 +1,6 @@
 edges
-| command_injection.py:0:0:0:0 | ModuleVariableNode for command_injection.request | command_injection.py:18:13:18:19 | ControlFlowNode for request |
 | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:5:26:5:32 | GSSA Variable request |
-| command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:0:0:0:0 | ModuleVariableNode for command_injection.request |
+| command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:18:13:18:19 | ControlFlowNode for request |
 | command_injection.py:18:13:18:19 | ControlFlowNode for request | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute |
 | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:19:15:19:27 | ControlFlowNode for BinaryExpr |
 | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:20:15:20:27 | ControlFlowNode for BinaryExpr |
@@ -13,7 +12,6 @@ edges
 | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:28:19:28:31 | ControlFlowNode for BinaryExpr |
 | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute | command_injection.py:29:19:29:31 | ControlFlowNode for BinaryExpr |
 nodes
-| command_injection.py:0:0:0:0 | ModuleVariableNode for command_injection.request | semmle.label | ModuleVariableNode for command_injection.request |
 | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | command_injection.py:5:26:5:32 | GSSA Variable request | semmle.label | GSSA Variable request |
 | command_injection.py:18:13:18:19 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |

python/ql/test/query-tests/Security/CWE-078-CommandInjection/CommandInjection.expected

@@ -1,14 +1,13 @@
 edges
-| command_injection.py:0:0:0:0 | ModuleVariableNode for command_injection.request | command_injection.py:11:13:11:19 | ControlFlowNode for request |
-| command_injection.py:0:0:0:0 | ModuleVariableNode for command_injection.request | command_injection.py:18:13:18:19 | ControlFlowNode for request |
-| command_injection.py:0:0:0:0 | ModuleVariableNode for command_injection.request | command_injection.py:25:11:25:17 | ControlFlowNode for request |
-| command_injection.py:0:0:0:0 | ModuleVariableNode for command_injection.request | command_injection.py:31:13:31:19 | ControlFlowNode for request |
-| command_injection.py:0:0:0:0 | ModuleVariableNode for command_injection.request | command_injection.py:38:15:38:21 | ControlFlowNode for request |
-| command_injection.py:0:0:0:0 | ModuleVariableNode for command_injection.request | command_injection.py:54:15:54:21 | ControlFlowNode for request |
-| command_injection.py:0:0:0:0 | ModuleVariableNode for command_injection.request | command_injection.py:71:12:71:18 | ControlFlowNode for request |
-| command_injection.py:0:0:0:0 | ModuleVariableNode for command_injection.request | command_injection.py:78:12:78:18 | ControlFlowNode for request |
 | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | command_injection.py:5:26:5:32 | GSSA Variable request |
-| command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:0:0:0:0 | ModuleVariableNode for command_injection.request |
+| command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:11:13:11:19 | ControlFlowNode for request |
+| command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:18:13:18:19 | ControlFlowNode for request |
+| command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:25:11:25:17 | ControlFlowNode for request |
+| command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:31:13:31:19 | ControlFlowNode for request |
+| command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:38:15:38:21 | ControlFlowNode for request |
+| command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:54:15:54:21 | ControlFlowNode for request |
+| command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:71:12:71:18 | ControlFlowNode for request |
+| command_injection.py:5:26:5:32 | GSSA Variable request | command_injection.py:78:12:78:18 | ControlFlowNode for request |
 | command_injection.py:11:13:11:19 | ControlFlowNode for request | command_injection.py:11:13:11:24 | ControlFlowNode for Attribute |
 | command_injection.py:11:13:11:24 | ControlFlowNode for Attribute | command_injection.py:13:15:13:27 | ControlFlowNode for BinaryExpr |
 | command_injection.py:18:13:18:19 | ControlFlowNode for request | command_injection.py:18:13:18:24 | ControlFlowNode for Attribute |
@@ -31,7 +30,6 @@ edges
 | command_injection.py:78:12:78:18 | ControlFlowNode for request | command_injection.py:78:12:78:23 | ControlFlowNode for Attribute |
 | command_injection.py:78:12:78:23 | ControlFlowNode for Attribute | command_injection.py:80:19:80:30 | ControlFlowNode for BinaryExpr |
 nodes
-| command_injection.py:0:0:0:0 | ModuleVariableNode for command_injection.request | semmle.label | ModuleVariableNode for command_injection.request |
 | command_injection.py:5:26:5:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | command_injection.py:5:26:5:32 | GSSA Variable request | semmle.label | GSSA Variable request |
 | command_injection.py:11:13:11:19 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |

python/ql/test/query-tests/Security/CWE-079-ReflectedXss/ReflectedXss.expected

@@ -1,9 +1,8 @@
 edges
-| reflected_xss.py:0:0:0:0 | ModuleVariableNode for reflected_xss.request | reflected_xss.py:9:18:9:24 | ControlFlowNode for request |
-| reflected_xss.py:0:0:0:0 | ModuleVariableNode for reflected_xss.request | reflected_xss.py:21:23:21:29 | ControlFlowNode for request |
-| reflected_xss.py:0:0:0:0 | ModuleVariableNode for reflected_xss.request | reflected_xss.py:27:23:27:29 | ControlFlowNode for request |
 | reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | reflected_xss.py:2:26:2:32 | GSSA Variable request |
-| reflected_xss.py:2:26:2:32 | GSSA Variable request | reflected_xss.py:0:0:0:0 | ModuleVariableNode for reflected_xss.request |
+| reflected_xss.py:2:26:2:32 | GSSA Variable request | reflected_xss.py:9:18:9:24 | ControlFlowNode for request |
+| reflected_xss.py:2:26:2:32 | GSSA Variable request | reflected_xss.py:21:23:21:29 | ControlFlowNode for request |
+| reflected_xss.py:2:26:2:32 | GSSA Variable request | reflected_xss.py:27:23:27:29 | ControlFlowNode for request |
 | reflected_xss.py:9:18:9:24 | ControlFlowNode for request | reflected_xss.py:9:18:9:29 | ControlFlowNode for Attribute |
 | reflected_xss.py:9:18:9:29 | ControlFlowNode for Attribute | reflected_xss.py:10:26:10:53 | ControlFlowNode for BinaryExpr |
 | reflected_xss.py:21:23:21:29 | ControlFlowNode for request | reflected_xss.py:21:23:21:34 | ControlFlowNode for Attribute |
@@ -11,7 +10,6 @@ edges
 | reflected_xss.py:27:23:27:29 | ControlFlowNode for request | reflected_xss.py:27:23:27:34 | ControlFlowNode for Attribute |
 | reflected_xss.py:27:23:27:34 | ControlFlowNode for Attribute | reflected_xss.py:28:26:28:41 | ControlFlowNode for Attribute() |
 nodes
-| reflected_xss.py:0:0:0:0 | ModuleVariableNode for reflected_xss.request | semmle.label | ModuleVariableNode for reflected_xss.request |
 | reflected_xss.py:2:26:2:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | reflected_xss.py:2:26:2:32 | GSSA Variable request | semmle.label | GSSA Variable request |
 | reflected_xss.py:9:18:9:24 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |

python/ql/test/query-tests/Security/CWE-090-LdapInjection/LdapInjection.expected

@@ -1,14 +1,12 @@
 edges
-| ldap3_bad.py:0:0:0:0 | ModuleVariableNode for ldap3_bad.request | ldap3_bad.py:13:17:13:23 | ControlFlowNode for request |
-| ldap3_bad.py:0:0:0:0 | ModuleVariableNode for ldap3_bad.request | ldap3_bad.py:13:17:13:23 | ControlFlowNode for request |
-| ldap3_bad.py:0:0:0:0 | ModuleVariableNode for ldap3_bad.request | ldap3_bad.py:14:21:14:27 | ControlFlowNode for request |
-| ldap3_bad.py:0:0:0:0 | ModuleVariableNode for ldap3_bad.request | ldap3_bad.py:30:17:30:23 | ControlFlowNode for request |
-| ldap3_bad.py:0:0:0:0 | ModuleVariableNode for ldap3_bad.request | ldap3_bad.py:30:17:30:23 | ControlFlowNode for request |
-| ldap3_bad.py:0:0:0:0 | ModuleVariableNode for ldap3_bad.request | ldap3_bad.py:31:21:31:27 | ControlFlowNode for request |
 | ldap3_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap3_bad.py:1:19:1:25 | GSSA Variable request |
 | ldap3_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap3_bad.py:1:19:1:25 | GSSA Variable request |
-| ldap3_bad.py:1:19:1:25 | GSSA Variable request | ldap3_bad.py:0:0:0:0 | ModuleVariableNode for ldap3_bad.request |
-| ldap3_bad.py:1:19:1:25 | GSSA Variable request | ldap3_bad.py:0:0:0:0 | ModuleVariableNode for ldap3_bad.request |
+| ldap3_bad.py:1:19:1:25 | GSSA Variable request | ldap3_bad.py:13:17:13:23 | ControlFlowNode for request |
+| ldap3_bad.py:1:19:1:25 | GSSA Variable request | ldap3_bad.py:13:17:13:23 | ControlFlowNode for request |
+| ldap3_bad.py:1:19:1:25 | GSSA Variable request | ldap3_bad.py:14:21:14:27 | ControlFlowNode for request |
+| ldap3_bad.py:1:19:1:25 | GSSA Variable request | ldap3_bad.py:30:17:30:23 | ControlFlowNode for request |
+| ldap3_bad.py:1:19:1:25 | GSSA Variable request | ldap3_bad.py:30:17:30:23 | ControlFlowNode for request |
+| ldap3_bad.py:1:19:1:25 | GSSA Variable request | ldap3_bad.py:31:21:31:27 | ControlFlowNode for request |
 | ldap3_bad.py:13:17:13:23 | ControlFlowNode for request | ldap3_bad.py:13:17:13:28 | ControlFlowNode for Attribute |
 | ldap3_bad.py:13:17:13:23 | ControlFlowNode for request | ldap3_bad.py:14:21:14:32 | ControlFlowNode for Attribute |
 | ldap3_bad.py:13:17:13:28 | ControlFlowNode for Attribute | ldap3_bad.py:13:17:13:34 | ControlFlowNode for Subscript |
@@ -23,19 +21,17 @@ edges
 | ldap3_bad.py:31:21:31:27 | ControlFlowNode for request | ldap3_bad.py:31:21:31:32 | ControlFlowNode for Attribute |
 | ldap3_bad.py:31:21:31:32 | ControlFlowNode for Attribute | ldap3_bad.py:31:21:31:44 | ControlFlowNode for Subscript |
 | ldap3_bad.py:31:21:31:44 | ControlFlowNode for Subscript | ldap3_bad.py:38:13:38:25 | ControlFlowNode for search_filter |
-| ldap_bad.py:0:0:0:0 | ModuleVariableNode for ldap_bad.request | ldap_bad.py:13:17:13:23 | ControlFlowNode for request |
-| ldap_bad.py:0:0:0:0 | ModuleVariableNode for ldap_bad.request | ldap_bad.py:13:17:13:23 | ControlFlowNode for request |
-| ldap_bad.py:0:0:0:0 | ModuleVariableNode for ldap_bad.request | ldap_bad.py:14:21:14:27 | ControlFlowNode for request |
-| ldap_bad.py:0:0:0:0 | ModuleVariableNode for ldap_bad.request | ldap_bad.py:30:17:30:23 | ControlFlowNode for request |
-| ldap_bad.py:0:0:0:0 | ModuleVariableNode for ldap_bad.request | ldap_bad.py:30:17:30:23 | ControlFlowNode for request |
-| ldap_bad.py:0:0:0:0 | ModuleVariableNode for ldap_bad.request | ldap_bad.py:31:21:31:27 | ControlFlowNode for request |
-| ldap_bad.py:0:0:0:0 | ModuleVariableNode for ldap_bad.request | ldap_bad.py:47:17:47:23 | ControlFlowNode for request |
-| ldap_bad.py:0:0:0:0 | ModuleVariableNode for ldap_bad.request | ldap_bad.py:47:17:47:23 | ControlFlowNode for request |
-| ldap_bad.py:0:0:0:0 | ModuleVariableNode for ldap_bad.request | ldap_bad.py:48:21:48:27 | ControlFlowNode for request |
 | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap_bad.py:1:19:1:25 | GSSA Variable request |
 | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | ldap_bad.py:1:19:1:25 | GSSA Variable request |
-| ldap_bad.py:1:19:1:25 | GSSA Variable request | ldap_bad.py:0:0:0:0 | ModuleVariableNode for ldap_bad.request |
-| ldap_bad.py:1:19:1:25 | GSSA Variable request | ldap_bad.py:0:0:0:0 | ModuleVariableNode for ldap_bad.request |
+| ldap_bad.py:1:19:1:25 | GSSA Variable request | ldap_bad.py:13:17:13:23 | ControlFlowNode for request |
+| ldap_bad.py:1:19:1:25 | GSSA Variable request | ldap_bad.py:13:17:13:23 | ControlFlowNode for request |
+| ldap_bad.py:1:19:1:25 | GSSA Variable request | ldap_bad.py:14:21:14:27 | ControlFlowNode for request |
+| ldap_bad.py:1:19:1:25 | GSSA Variable request | ldap_bad.py:30:17:30:23 | ControlFlowNode for request |
+| ldap_bad.py:1:19:1:25 | GSSA Variable request | ldap_bad.py:30:17:30:23 | ControlFlowNode for request |
+| ldap_bad.py:1:19:1:25 | GSSA Variable request | ldap_bad.py:31:21:31:27 | ControlFlowNode for request |
+| ldap_bad.py:1:19:1:25 | GSSA Variable request | ldap_bad.py:47:17:47:23 | ControlFlowNode for request |
+| ldap_bad.py:1:19:1:25 | GSSA Variable request | ldap_bad.py:47:17:47:23 | ControlFlowNode for request |
+| ldap_bad.py:1:19:1:25 | GSSA Variable request | ldap_bad.py:48:21:48:27 | ControlFlowNode for request |
 | ldap_bad.py:13:17:13:23 | ControlFlowNode for request | ldap_bad.py:13:17:13:28 | ControlFlowNode for Attribute |
 | ldap_bad.py:13:17:13:23 | ControlFlowNode for request | ldap_bad.py:14:21:14:32 | ControlFlowNode for Attribute |
 | ldap_bad.py:13:17:13:28 | ControlFlowNode for Attribute | ldap_bad.py:13:17:13:34 | ControlFlowNode for Subscript |
@@ -58,8 +54,6 @@ edges
 | ldap_bad.py:48:21:48:32 | ControlFlowNode for Attribute | ldap_bad.py:48:21:48:44 | ControlFlowNode for Subscript |
 | ldap_bad.py:48:21:48:44 | ControlFlowNode for Subscript | ldap_bad.py:55:43:55:55 | ControlFlowNode for search_filter |
 nodes
-| ldap3_bad.py:0:0:0:0 | ModuleVariableNode for ldap3_bad.request | semmle.label | ModuleVariableNode for ldap3_bad.request |
-| ldap3_bad.py:0:0:0:0 | ModuleVariableNode for ldap3_bad.request | semmle.label | ModuleVariableNode for ldap3_bad.request |
 | ldap3_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | ldap3_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | ldap3_bad.py:1:19:1:25 | GSSA Variable request | semmle.label | GSSA Variable request |
@@ -82,8 +76,6 @@ nodes
 | ldap3_bad.py:31:21:31:44 | ControlFlowNode for Subscript | semmle.label | ControlFlowNode for Subscript |
 | ldap3_bad.py:38:9:38:10 | ControlFlowNode for dn | semmle.label | ControlFlowNode for dn |
 | ldap3_bad.py:38:13:38:25 | ControlFlowNode for search_filter | semmle.label | ControlFlowNode for search_filter |
-| ldap_bad.py:0:0:0:0 | ModuleVariableNode for ldap_bad.request | semmle.label | ModuleVariableNode for ldap_bad.request |
-| ldap_bad.py:0:0:0:0 | ModuleVariableNode for ldap_bad.request | semmle.label | ModuleVariableNode for ldap_bad.request |
 | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | ldap_bad.py:1:19:1:25 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | ldap_bad.py:1:19:1:25 | GSSA Variable request | semmle.label | GSSA Variable request |

python/ql/test/query-tests/Security/CWE-094-CodeInjection/CodeInjection.expected

@@ -1,8 +1,7 @@
 edges
-| code_injection.py:0:0:0:0 | ModuleVariableNode for code_injection.request | code_injection.py:6:12:6:18 | ControlFlowNode for request |
-| code_injection.py:0:0:0:0 | ModuleVariableNode for code_injection.request | code_injection.py:18:16:18:22 | ControlFlowNode for request |
 | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | code_injection.py:1:26:1:32 | GSSA Variable request |
-| code_injection.py:1:26:1:32 | GSSA Variable request | code_injection.py:0:0:0:0 | ModuleVariableNode for code_injection.request |
+| code_injection.py:1:26:1:32 | GSSA Variable request | code_injection.py:6:12:6:18 | ControlFlowNode for request |
+| code_injection.py:1:26:1:32 | GSSA Variable request | code_injection.py:18:16:18:22 | ControlFlowNode for request |
 | code_injection.py:6:12:6:18 | ControlFlowNode for request | code_injection.py:6:12:6:23 | ControlFlowNode for Attribute |
 | code_injection.py:6:12:6:23 | ControlFlowNode for Attribute | code_injection.py:7:10:7:13 | ControlFlowNode for code |
 | code_injection.py:6:12:6:23 | ControlFlowNode for Attribute | code_injection.py:8:10:8:13 | ControlFlowNode for code |
@@ -10,7 +9,6 @@ edges
 | code_injection.py:18:16:18:22 | ControlFlowNode for request | code_injection.py:18:16:18:27 | ControlFlowNode for Attribute |
 | code_injection.py:18:16:18:27 | ControlFlowNode for Attribute | code_injection.py:21:20:21:27 | ControlFlowNode for obj_name |
 nodes
-| code_injection.py:0:0:0:0 | ModuleVariableNode for code_injection.request | semmle.label | ModuleVariableNode for code_injection.request |
 | code_injection.py:1:26:1:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
 | code_injection.py:1:26:1:32 | GSSA Variable request | semmle.label | GSSA Variable request |
 | code_injection.py:6:12:6:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |