C++: Accept query-test changes.

2026-05-02 12:15:17 +02:00 · 2022-10-13 11:20:16 +02:00
parent 373c849b18
commit 4c5953fce0
52 changed files with 1269 additions and 1990 deletions
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser/NoCheckBeforeUnsafePutUser.expected
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser/NoCheckBeforeUnsafePutUser.expected
@@ -1,3 +0,0 @@
-| test.cpp:20:21:20:22 | ref arg & ... | This 'unsafe_put_user' writes a user-mode pointer without a security check. |
-| test.cpp:41:21:41:22 | ref arg & ... | This 'unsafe_put_user' writes a user-mode pointer without a security check. |
-| test.cpp:69:21:69:27 | ref arg & ... | This 'unsafe_put_user' writes a user-mode pointer without a security check. |
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/AllocMultiplicationOverflow/AllocMultiplicationOverflow.expected
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-190/AllocMultiplicationOverflow/AllocMultiplicationOverflow.expected
@@ -1,9 +1,20 @@
 edges
+| test.cpp:13:33:13:37 | ... * ... | test.cpp:13:33:13:37 | ... * ... |
+| test.cpp:15:31:15:35 | ... * ... | test.cpp:15:31:15:35 | (unsigned long)... |
+| test.cpp:19:34:19:38 | ... * ... | test.cpp:19:34:19:38 | ... * ... |
+| test.cpp:22:17:22:21 | (size_t)... | test.cpp:23:33:23:37 | size1 |
 | test.cpp:22:17:22:21 | ... * ... | test.cpp:23:33:23:37 | size1 |
 nodes
 | test.cpp:13:33:13:37 | ... * ... | semmle.label | ... * ... |
+| test.cpp:13:33:13:37 | ... * ... | semmle.label | ... * ... |
+| test.cpp:13:33:13:37 | ... * ... | semmle.label | ... * ... |
+| test.cpp:15:31:15:35 | (unsigned long)... | semmle.label | (unsigned long)... |
+| test.cpp:15:31:15:35 | ... * ... | semmle.label | ... * ... |
 | test.cpp:15:31:15:35 | ... * ... | semmle.label | ... * ... |
 | test.cpp:19:34:19:38 | ... * ... | semmle.label | ... * ... |
+| test.cpp:19:34:19:38 | ... * ... | semmle.label | ... * ... |
+| test.cpp:19:34:19:38 | ... * ... | semmle.label | ... * ... |
+| test.cpp:22:17:22:21 | (size_t)... | semmle.label | (size_t)... |
 | test.cpp:22:17:22:21 | ... * ... | semmle.label | ... * ... |
 | test.cpp:23:33:23:37 | size1 | semmle.label | size1 |
 | test.cpp:30:27:30:31 | ... * ... | semmle.label | ... * ... |
@@ -11,8 +22,15 @@ nodes
 subpaths
 #select
 | test.cpp:13:33:13:37 | ... * ... | test.cpp:13:33:13:37 | ... * ... | test.cpp:13:33:13:37 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:13:33:13:37 | ... * ... | multiplication |
+| test.cpp:13:33:13:37 | ... * ... | test.cpp:13:33:13:37 | ... * ... | test.cpp:13:33:13:37 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:13:33:13:37 | ... * ... | multiplication |
+| test.cpp:13:33:13:37 | ... * ... | test.cpp:13:33:13:37 | ... * ... | test.cpp:13:33:13:37 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:13:33:13:37 | ... * ... | multiplication |
+| test.cpp:15:31:15:35 | (unsigned long)... | test.cpp:15:31:15:35 | (unsigned long)... | test.cpp:15:31:15:35 | (unsigned long)... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:15:31:15:35 | (unsigned long)... | multiplication |
+| test.cpp:15:31:15:35 | (unsigned long)... | test.cpp:15:31:15:35 | ... * ... | test.cpp:15:31:15:35 | (unsigned long)... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:15:31:15:35 | ... * ... | multiplication |
 | test.cpp:15:31:15:35 | ... * ... | test.cpp:15:31:15:35 | ... * ... | test.cpp:15:31:15:35 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:15:31:15:35 | ... * ... | multiplication |
 | test.cpp:19:34:19:38 | ... * ... | test.cpp:19:34:19:38 | ... * ... | test.cpp:19:34:19:38 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:19:34:19:38 | ... * ... | multiplication |
+| test.cpp:19:34:19:38 | ... * ... | test.cpp:19:34:19:38 | ... * ... | test.cpp:19:34:19:38 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:19:34:19:38 | ... * ... | multiplication |
+| test.cpp:19:34:19:38 | ... * ... | test.cpp:19:34:19:38 | ... * ... | test.cpp:19:34:19:38 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:19:34:19:38 | ... * ... | multiplication |
+| test.cpp:23:33:23:37 | size1 | test.cpp:22:17:22:21 | (size_t)... | test.cpp:23:33:23:37 | size1 | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:22:17:22:21 | (size_t)... | multiplication |
 | test.cpp:23:33:23:37 | size1 | test.cpp:22:17:22:21 | ... * ... | test.cpp:23:33:23:37 | size1 | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:22:17:22:21 | ... * ... | multiplication |
 | test.cpp:30:27:30:31 | ... * ... | test.cpp:30:27:30:31 | ... * ... | test.cpp:30:27:30:31 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:30:27:30:31 | ... * ... | multiplication |
 | test.cpp:31:27:31:31 | ... * ... | test.cpp:31:27:31:31 | ... * ... | test.cpp:31:27:31:31 | ... * ... | Potentially overflowing value from $@ is used in the size of this allocation. | test.cpp:31:27:31:31 | ... * ... | multiplication |
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-359/semmle/tests/PrivateCleartextWrite.expected
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-359/semmle/tests/PrivateCleartextWrite.expected
@@ -1,27 +1,60 @@
 edges
-| test.cpp:45:18:45:23 | buffer | test.cpp:47:10:47:15 | buffer |
+| test.cpp:57:9:57:18 | theZipcode | test.cpp:57:9:57:18 | theZipcode |
+| test.cpp:74:24:74:30 | medical | test.cpp:78:24:78:27 | temp |
+| test.cpp:74:24:74:30 | medical | test.cpp:81:22:81:28 | medical |
 | test.cpp:77:16:77:22 | medical | test.cpp:78:24:78:27 | temp |
-| test.cpp:81:17:81:20 | call to func | test.cpp:82:24:82:28 | buff5 |
-| test.cpp:81:22:81:28 | medical | test.cpp:45:18:45:23 | buffer |
-| test.cpp:81:22:81:28 | medical | test.cpp:81:17:81:20 | call to func |
+| test.cpp:77:16:77:22 | medical | test.cpp:81:22:81:28 | medical |
+| test.cpp:81:22:81:28 | medical | test.cpp:82:24:82:28 | buff5 |
+| test.cpp:96:37:96:46 | theZipcode | test.cpp:96:37:96:46 | theZipcode |
+| test.cpp:96:37:96:46 | theZipcode | test.cpp:96:37:96:46 | theZipcode |
+| test.cpp:96:37:96:46 | theZipcode | test.cpp:99:42:99:51 | theZipcode |
+| test.cpp:96:37:96:46 | theZipcode | test.cpp:99:42:99:51 | theZipcode |
+| test.cpp:96:37:96:46 | theZipcode | test.cpp:99:42:99:51 | theZipcode |
+| test.cpp:96:37:96:46 | theZipcode | test.cpp:99:42:99:51 | theZipcode |
+| test.cpp:96:37:96:46 | theZipcode | test.cpp:99:42:99:51 | theZipcode |
+| test.cpp:96:37:96:46 | theZipcode | test.cpp:99:42:99:51 | theZipcode |
+| test.cpp:99:42:99:51 | theZipcode | test.cpp:99:42:99:51 | theZipcode |
+| test.cpp:99:61:99:70 | theZipcode | test.cpp:99:42:99:51 | theZipcode |
+| test.cpp:99:61:99:70 | theZipcode | test.cpp:99:42:99:51 | theZipcode |
 nodes
-| test.cpp:45:18:45:23 | buffer | semmle.label | buffer |
-| test.cpp:47:10:47:15 | buffer | semmle.label | buffer |
 | test.cpp:57:9:57:18 | theZipcode | semmle.label | theZipcode |
+| test.cpp:57:9:57:18 | theZipcode | semmle.label | theZipcode |
+| test.cpp:57:9:57:18 | theZipcode | semmle.label | theZipcode |
+| test.cpp:74:24:74:30 | medical | semmle.label | medical |
 | test.cpp:74:24:74:30 | medical | semmle.label | medical |
 | test.cpp:77:16:77:22 | medical | semmle.label | medical |
 | test.cpp:78:24:78:27 | temp | semmle.label | temp |
-| test.cpp:81:17:81:20 | call to func | semmle.label | call to func |
 | test.cpp:81:22:81:28 | medical | semmle.label | medical |
 | test.cpp:82:24:82:28 | buff5 | semmle.label | buff5 |
 | test.cpp:96:37:96:46 | theZipcode | semmle.label | theZipcode |
+| test.cpp:96:37:96:46 | theZipcode | semmle.label | theZipcode |
+| test.cpp:96:37:96:46 | theZipcode | semmle.label | theZipcode |
+| test.cpp:96:37:96:46 | theZipcode | semmle.label | theZipcode |
 | test.cpp:99:42:99:51 | theZipcode | semmle.label | theZipcode |
+| test.cpp:99:42:99:51 | theZipcode | semmle.label | theZipcode |
+| test.cpp:99:42:99:51 | theZipcode | semmle.label | theZipcode |
+| test.cpp:99:61:99:70 | theZipcode | semmle.label | theZipcode |
+| test.cpp:99:61:99:70 | theZipcode | semmle.label | theZipcode |
 subpaths
-| test.cpp:81:22:81:28 | medical | test.cpp:45:18:45:23 | buffer | test.cpp:47:10:47:15 | buffer | test.cpp:81:17:81:20 | call to func |
 #select
 | test.cpp:57:9:57:18 | theZipcode | test.cpp:57:9:57:18 | theZipcode | test.cpp:57:9:57:18 | theZipcode | This write into the external location 'theZipcode' may contain unencrypted data from $@. | test.cpp:57:9:57:18 | theZipcode | this source of private data. |
+| test.cpp:57:9:57:18 | theZipcode | test.cpp:57:9:57:18 | theZipcode | test.cpp:57:9:57:18 | theZipcode | This write into the external location 'theZipcode' may contain unencrypted data from $@. | test.cpp:57:9:57:18 | theZipcode | this source of private data. |
+| test.cpp:57:9:57:18 | theZipcode | test.cpp:57:9:57:18 | theZipcode | test.cpp:57:9:57:18 | theZipcode | This write into the external location 'theZipcode' may contain unencrypted data from $@. | test.cpp:57:9:57:18 | theZipcode | this source of private data. |
 | test.cpp:74:24:74:30 | medical | test.cpp:74:24:74:30 | medical | test.cpp:74:24:74:30 | medical | This write into the external location 'medical' may contain unencrypted data from $@. | test.cpp:74:24:74:30 | medical | this source of private data. |
+| test.cpp:78:24:78:27 | temp | test.cpp:74:24:74:30 | medical | test.cpp:78:24:78:27 | temp | This write into the external location 'temp' may contain unencrypted data from $@. | test.cpp:74:24:74:30 | medical | this source of private data. |
 | test.cpp:78:24:78:27 | temp | test.cpp:77:16:77:22 | medical | test.cpp:78:24:78:27 | temp | This write into the external location 'temp' may contain unencrypted data from $@. | test.cpp:77:16:77:22 | medical | this source of private data. |
+| test.cpp:82:24:82:28 | buff5 | test.cpp:74:24:74:30 | medical | test.cpp:82:24:82:28 | buff5 | This write into the external location 'buff5' may contain unencrypted data from $@. | test.cpp:74:24:74:30 | medical | this source of private data. |
+| test.cpp:82:24:82:28 | buff5 | test.cpp:77:16:77:22 | medical | test.cpp:82:24:82:28 | buff5 | This write into the external location 'buff5' may contain unencrypted data from $@. | test.cpp:77:16:77:22 | medical | this source of private data. |
 | test.cpp:82:24:82:28 | buff5 | test.cpp:81:22:81:28 | medical | test.cpp:82:24:82:28 | buff5 | This write into the external location 'buff5' may contain unencrypted data from $@. | test.cpp:81:22:81:28 | medical | this source of private data. |
 | test.cpp:96:37:96:46 | theZipcode | test.cpp:96:37:96:46 | theZipcode | test.cpp:96:37:96:46 | theZipcode | This write into the external location 'theZipcode' may contain unencrypted data from $@. | test.cpp:96:37:96:46 | theZipcode | this source of private data. |
+| test.cpp:96:37:96:46 | theZipcode | test.cpp:96:37:96:46 | theZipcode | test.cpp:96:37:96:46 | theZipcode | This write into the external location 'theZipcode' may contain unencrypted data from $@. | test.cpp:96:37:96:46 | theZipcode | this source of private data. |
+| test.cpp:96:37:96:46 | theZipcode | test.cpp:96:37:96:46 | theZipcode | test.cpp:96:37:96:46 | theZipcode | This write into the external location 'theZipcode' may contain unencrypted data from $@. | test.cpp:96:37:96:46 | theZipcode | this source of private data. |
+| test.cpp:99:42:99:51 | theZipcode | test.cpp:96:37:96:46 | theZipcode | test.cpp:99:42:99:51 | theZipcode | This write into the external location 'theZipcode' may contain unencrypted data from $@. | test.cpp:96:37:96:46 | theZipcode | this source of private data. |
+| test.cpp:99:42:99:51 | theZipcode | test.cpp:96:37:96:46 | theZipcode | test.cpp:99:42:99:51 | theZipcode | This write into the external location 'theZipcode' may contain unencrypted data from $@. | test.cpp:96:37:96:46 | theZipcode | this source of private data. |
+| test.cpp:99:42:99:51 | theZipcode | test.cpp:96:37:96:46 | theZipcode | test.cpp:99:42:99:51 | theZipcode | This write into the external location 'theZipcode' may contain unencrypted data from $@. | test.cpp:96:37:96:46 | theZipcode | this source of private data. |
+| test.cpp:99:42:99:51 | theZipcode | test.cpp:96:37:96:46 | theZipcode | test.cpp:99:42:99:51 | theZipcode | This write into the external location 'theZipcode' may contain unencrypted data from $@. | test.cpp:96:37:96:46 | theZipcode | this source of private data. |
 | test.cpp:99:42:99:51 | theZipcode | test.cpp:99:42:99:51 | theZipcode | test.cpp:99:42:99:51 | theZipcode | This write into the external location 'theZipcode' may contain unencrypted data from $@. | test.cpp:99:42:99:51 | theZipcode | this source of private data. |
+| test.cpp:99:42:99:51 | theZipcode | test.cpp:99:42:99:51 | theZipcode | test.cpp:99:42:99:51 | theZipcode | This write into the external location 'theZipcode' may contain unencrypted data from $@. | test.cpp:99:42:99:51 | theZipcode | this source of private data. |
+| test.cpp:99:42:99:51 | theZipcode | test.cpp:99:42:99:51 | theZipcode | test.cpp:99:42:99:51 | theZipcode | This write into the external location 'theZipcode' may contain unencrypted data from $@. | test.cpp:99:42:99:51 | theZipcode | this source of private data. |
+| test.cpp:99:42:99:51 | theZipcode | test.cpp:99:61:99:70 | theZipcode | test.cpp:99:42:99:51 | theZipcode | This write into the external location 'theZipcode' may contain unencrypted data from $@. | test.cpp:99:61:99:70 | theZipcode | this source of private data. |
+| test.cpp:99:42:99:51 | theZipcode | test.cpp:99:61:99:70 | theZipcode | test.cpp:99:42:99:51 | theZipcode | This write into the external location 'theZipcode' may contain unencrypted data from $@. | test.cpp:99:61:99:70 | theZipcode | this source of private data. |
--- a/cpp/ql/test/query-tests/Critical/UnsafeUseOfThis/UnsafeUseOfThis.expected
+++ b/cpp/ql/test/query-tests/Critical/UnsafeUseOfThis/UnsafeUseOfThis.expected
@@ -1,103 +1,3 @@
 edges
-| test.cpp:7:3:7:3 | this | test.cpp:8:12:8:15 | Load |
-| test.cpp:8:12:8:15 | Load | test.cpp:8:12:8:15 | this |
-| test.cpp:8:12:8:15 | this | test.cpp:34:16:34:16 | x |
-| test.cpp:11:8:11:8 | b | test.cpp:12:5:12:5 | Load |
-| test.cpp:12:5:12:5 | (reference dereference) | test.cpp:12:5:12:5 | Unary |
-| test.cpp:12:5:12:5 | Load | test.cpp:12:5:12:5 | b |
-| test.cpp:12:5:12:5 | Unary | test.cpp:12:5:12:5 | (A)... |
-| test.cpp:12:5:12:5 | Unary | test.cpp:12:5:12:5 | (reference dereference) |
-| test.cpp:12:5:12:5 | b | test.cpp:12:5:12:5 | Unary |
-| test.cpp:15:3:15:4 | this | test.cpp:16:5:16:5 | Load |
-| test.cpp:16:5:16:5 | Load | test.cpp:16:5:16:5 | this |
-| test.cpp:16:5:16:5 | Unary | file://:0:0:0:0 | (A *)... |
-| test.cpp:16:5:16:5 | this | test.cpp:16:5:16:5 | Unary |
-| test.cpp:21:3:21:3 | Unary | test.cpp:21:13:21:13 | ConvertToNonVirtualBase |
-| test.cpp:21:3:21:3 | this | test.cpp:21:3:21:3 | Unary |
-| test.cpp:21:3:21:3 | this | test.cpp:22:12:22:15 | Load |
-| test.cpp:21:3:21:3 | this | test.cpp:25:7:25:10 | Load |
-| test.cpp:21:13:21:13 | ConvertToNonVirtualBase | test.cpp:7:3:7:3 | this |
-| test.cpp:22:12:22:15 | (B *)... | test.cpp:34:16:34:16 | x |
-| test.cpp:22:12:22:15 | Load | test.cpp:22:12:22:15 | this |
-| test.cpp:22:12:22:15 | Unary | test.cpp:22:12:22:15 | (B *)... |
-| test.cpp:22:12:22:15 | this | test.cpp:22:12:22:15 | Unary |
-| test.cpp:25:7:25:10 | (B *)... | test.cpp:25:7:25:10 | Unary |
-| test.cpp:25:7:25:10 | Load | test.cpp:25:7:25:10 | this |
-| test.cpp:25:7:25:10 | Unary | test.cpp:25:7:25:10 | (A *)... |
-| test.cpp:25:7:25:10 | Unary | test.cpp:25:7:25:10 | (B *)... |
-| test.cpp:25:7:25:10 | this | test.cpp:25:7:25:10 | Unary |
-| test.cpp:31:3:31:3 | this | test.cpp:31:12:31:15 | Load |
-| test.cpp:31:11:31:15 | (B)... | test.cpp:31:11:31:15 | Unary |
-| test.cpp:31:11:31:15 | (reference to) | test.cpp:11:8:11:8 | b |
-| test.cpp:31:11:31:15 | * ... | test.cpp:31:11:31:15 | Unary |
-| test.cpp:31:11:31:15 | Unary | test.cpp:31:11:31:15 | (B)... |
-| test.cpp:31:11:31:15 | Unary | test.cpp:31:11:31:15 | (reference to) |
-| test.cpp:31:12:31:15 | Load | test.cpp:31:12:31:15 | this |
-| test.cpp:31:12:31:15 | Unary | test.cpp:31:11:31:15 | * ... |
-| test.cpp:31:12:31:15 | this | test.cpp:31:12:31:15 | Unary |
-| test.cpp:34:16:34:16 | x | test.cpp:35:3:35:3 | Load |
-| test.cpp:35:3:35:3 | Load | test.cpp:35:3:35:3 | x |
-| test.cpp:35:3:35:3 | Unary | test.cpp:35:3:35:3 | (A *)... |
-| test.cpp:35:3:35:3 | x | test.cpp:35:3:35:3 | Unary |
-| test.cpp:47:3:47:3 | this | test.cpp:48:10:48:13 | Load |
-| test.cpp:48:10:48:13 | (E *)... | test.cpp:48:10:48:13 | Unary |
-| test.cpp:48:10:48:13 | Load | test.cpp:48:10:48:13 | this |
-| test.cpp:48:10:48:13 | Unary | test.cpp:48:6:48:13 | (A *)... |
-| test.cpp:48:10:48:13 | Unary | test.cpp:48:10:48:13 | (E *)... |
-| test.cpp:48:10:48:13 | this | test.cpp:48:10:48:13 | Unary |
 nodes
-| file://:0:0:0:0 | (A *)... | semmle.label | (A *)... |
-| test.cpp:7:3:7:3 | this | semmle.label | this |
-| test.cpp:8:12:8:15 | Load | semmle.label | Load |
-| test.cpp:8:12:8:15 | this | semmle.label | this |
-| test.cpp:11:8:11:8 | b | semmle.label | b |
-| test.cpp:12:5:12:5 | (A)... | semmle.label | (A)... |
-| test.cpp:12:5:12:5 | (reference dereference) | semmle.label | (reference dereference) |
-| test.cpp:12:5:12:5 | Load | semmle.label | Load |
-| test.cpp:12:5:12:5 | Unary | semmle.label | Unary |
-| test.cpp:12:5:12:5 | Unary | semmle.label | Unary |
-| test.cpp:12:5:12:5 | b | semmle.label | b |
-| test.cpp:15:3:15:4 | this | semmle.label | this |
-| test.cpp:16:5:16:5 | Load | semmle.label | Load |
-| test.cpp:16:5:16:5 | Unary | semmle.label | Unary |
-| test.cpp:16:5:16:5 | this | semmle.label | this |
-| test.cpp:21:3:21:3 | Unary | semmle.label | Unary |
-| test.cpp:21:3:21:3 | this | semmle.label | this |
-| test.cpp:21:13:21:13 | ConvertToNonVirtualBase | semmle.label | ConvertToNonVirtualBase |
-| test.cpp:22:12:22:15 | (B *)... | semmle.label | (B *)... |
-| test.cpp:22:12:22:15 | Load | semmle.label | Load |
-| test.cpp:22:12:22:15 | Unary | semmle.label | Unary |
-| test.cpp:22:12:22:15 | this | semmle.label | this |
-| test.cpp:25:7:25:10 | (A *)... | semmle.label | (A *)... |
-| test.cpp:25:7:25:10 | (B *)... | semmle.label | (B *)... |
-| test.cpp:25:7:25:10 | Load | semmle.label | Load |
-| test.cpp:25:7:25:10 | Unary | semmle.label | Unary |
-| test.cpp:25:7:25:10 | Unary | semmle.label | Unary |
-| test.cpp:25:7:25:10 | this | semmle.label | this |
-| test.cpp:31:3:31:3 | this | semmle.label | this |
-| test.cpp:31:11:31:15 | (B)... | semmle.label | (B)... |
-| test.cpp:31:11:31:15 | (reference to) | semmle.label | (reference to) |
-| test.cpp:31:11:31:15 | * ... | semmle.label | * ... |
-| test.cpp:31:11:31:15 | Unary | semmle.label | Unary |
-| test.cpp:31:11:31:15 | Unary | semmle.label | Unary |
-| test.cpp:31:12:31:15 | Load | semmle.label | Load |
-| test.cpp:31:12:31:15 | Unary | semmle.label | Unary |
-| test.cpp:31:12:31:15 | this | semmle.label | this |
-| test.cpp:34:16:34:16 | x | semmle.label | x |
-| test.cpp:35:3:35:3 | (A *)... | semmle.label | (A *)... |
-| test.cpp:35:3:35:3 | Load | semmle.label | Load |
-| test.cpp:35:3:35:3 | Unary | semmle.label | Unary |
-| test.cpp:35:3:35:3 | x | semmle.label | x |
-| test.cpp:47:3:47:3 | this | semmle.label | this |
-| test.cpp:48:6:48:13 | (A *)... | semmle.label | (A *)... |
-| test.cpp:48:10:48:13 | (E *)... | semmle.label | (E *)... |
-| test.cpp:48:10:48:13 | Load | semmle.label | Load |
-| test.cpp:48:10:48:13 | Unary | semmle.label | Unary |
-| test.cpp:48:10:48:13 | Unary | semmle.label | Unary |
-| test.cpp:48:10:48:13 | this | semmle.label | this |
 #select
-| test.cpp:12:7:12:7 | call to f | test.cpp:31:3:31:3 | this | test.cpp:12:5:12:5 | (A)... | Call to pure virtual function during construction. |
-| test.cpp:16:5:16:5 | call to f | test.cpp:15:3:15:4 | this | file://:0:0:0:0 | (A *)... | Call to pure virtual function during destruction. |
-| test.cpp:25:13:25:13 | call to f | test.cpp:21:3:21:3 | this | test.cpp:25:7:25:10 | (A *)... | Call to pure virtual function during construction. |
-| test.cpp:35:6:35:6 | call to f | test.cpp:7:3:7:3 | this | test.cpp:35:3:35:3 | (A *)... | Call to pure virtual function during construction. |
-| test.cpp:35:6:35:6 | call to f | test.cpp:21:3:21:3 | this | test.cpp:35:3:35:3 | (A *)... | Call to pure virtual function during construction. |
--- a/Bugs/Conversion/CastArrayPointerArithmetic/CastArrayPointerArithmetic.expected
+++ b/Bugs/Conversion/CastArrayPointerArithmetic/CastArrayPointerArithmetic.expected
@@ -1,137 +1,282 @@
 edges
-| test.cpp:26:29:26:29 | b | test.cpp:26:29:26:29 | b |
 | test.cpp:26:29:26:29 | b | test.cpp:27:2:27:2 | b |
 | test.cpp:30:34:30:34 | b | test.cpp:31:2:31:2 | b |
-| test.cpp:34:31:34:31 | b | test.cpp:34:31:34:31 | b |
 | test.cpp:34:31:34:31 | b | test.cpp:35:2:35:2 | b |
-| test.cpp:38:35:38:35 | d | test.cpp:38:35:38:35 | d |
 | test.cpp:38:35:38:35 | d | test.cpp:39:2:39:2 | d |
 | test.cpp:42:40:42:40 | d | test.cpp:43:2:43:2 | d |
-| test.cpp:46:37:46:37 | d | test.cpp:46:37:46:37 | d |
 | test.cpp:46:37:46:37 | d | test.cpp:47:2:47:2 | d |
+| test.cpp:50:31:50:31 | b | test.cpp:51:3:51:11 | (char *)... |
 | test.cpp:50:31:50:31 | b | test.cpp:51:11:51:11 | b |
+| test.cpp:57:19:57:19 | array to pointer conversion | test.cpp:57:19:57:19 | d |
+| test.cpp:57:19:57:19 | array to pointer conversion | test.cpp:58:25:58:25 | d |
+| test.cpp:57:19:57:19 | array to pointer conversion | test.cpp:59:21:59:21 | d |
+| test.cpp:57:19:57:19 | array to pointer conversion | test.cpp:61:22:61:22 | d |
+| test.cpp:57:19:57:19 | array to pointer conversion | test.cpp:62:28:62:28 | d |
+| test.cpp:57:19:57:19 | array to pointer conversion | test.cpp:63:24:63:24 | d |
+| test.cpp:57:19:57:19 | array to pointer conversion | test.cpp:95:21:95:21 | d |
 | test.cpp:57:19:57:19 | d | test.cpp:26:29:26:29 | b |
-| test.cpp:57:19:57:19 | d | test.cpp:57:19:57:19 | ref arg d |
-| test.cpp:57:19:57:19 | ref arg d | test.cpp:58:25:58:25 | d |
-| test.cpp:57:19:57:19 | ref arg d | test.cpp:59:21:59:21 | d |
-| test.cpp:57:19:57:19 | ref arg d | test.cpp:61:22:61:22 | d |
-| test.cpp:57:19:57:19 | ref arg d | test.cpp:62:28:62:28 | d |
-| test.cpp:57:19:57:19 | ref arg d | test.cpp:63:24:63:24 | d |
-| test.cpp:57:19:57:19 | ref arg d | test.cpp:95:21:95:21 | d |
+| test.cpp:57:19:57:19 | d | test.cpp:57:19:57:19 | d |
+| test.cpp:57:19:57:19 | d | test.cpp:58:25:58:25 | d |
+| test.cpp:57:19:57:19 | d | test.cpp:58:25:58:25 | d |
+| test.cpp:57:19:57:19 | d | test.cpp:59:21:59:21 | d |
+| test.cpp:57:19:57:19 | d | test.cpp:59:21:59:21 | d |
+| test.cpp:57:19:57:19 | d | test.cpp:61:22:61:22 | d |
+| test.cpp:57:19:57:19 | d | test.cpp:61:22:61:22 | d |
+| test.cpp:57:19:57:19 | d | test.cpp:62:28:62:28 | d |
+| test.cpp:57:19:57:19 | d | test.cpp:62:28:62:28 | d |
+| test.cpp:57:19:57:19 | d | test.cpp:63:24:63:24 | d |
+| test.cpp:57:19:57:19 | d | test.cpp:63:24:63:24 | d |
+| test.cpp:57:19:57:19 | d | test.cpp:95:21:95:21 | d |
+| test.cpp:57:19:57:19 | d | test.cpp:95:21:95:21 | d |
+| test.cpp:58:25:58:25 | array to pointer conversion | test.cpp:58:25:58:25 | d |
+| test.cpp:58:25:58:25 | array to pointer conversion | test.cpp:59:21:59:21 | d |
+| test.cpp:58:25:58:25 | array to pointer conversion | test.cpp:61:22:61:22 | d |
+| test.cpp:58:25:58:25 | array to pointer conversion | test.cpp:62:28:62:28 | d |
+| test.cpp:58:25:58:25 | array to pointer conversion | test.cpp:63:24:63:24 | d |
+| test.cpp:58:25:58:25 | array to pointer conversion | test.cpp:95:21:95:21 | d |
 | test.cpp:58:25:58:25 | d | test.cpp:30:34:30:34 | b |
+| test.cpp:58:25:58:25 | d | test.cpp:58:25:58:25 | d |
+| test.cpp:58:25:58:25 | d | test.cpp:59:21:59:21 | d |
+| test.cpp:58:25:58:25 | d | test.cpp:59:21:59:21 | d |
+| test.cpp:58:25:58:25 | d | test.cpp:61:22:61:22 | d |
+| test.cpp:58:25:58:25 | d | test.cpp:61:22:61:22 | d |
+| test.cpp:58:25:58:25 | d | test.cpp:62:28:62:28 | d |
+| test.cpp:58:25:58:25 | d | test.cpp:62:28:62:28 | d |
+| test.cpp:58:25:58:25 | d | test.cpp:63:24:63:24 | d |
+| test.cpp:58:25:58:25 | d | test.cpp:63:24:63:24 | d |
+| test.cpp:58:25:58:25 | d | test.cpp:95:21:95:21 | d |
+| test.cpp:58:25:58:25 | d | test.cpp:95:21:95:21 | d |
+| test.cpp:59:21:59:21 | array to pointer conversion | test.cpp:59:21:59:21 | d |
+| test.cpp:59:21:59:21 | array to pointer conversion | test.cpp:61:22:61:22 | d |
+| test.cpp:59:21:59:21 | array to pointer conversion | test.cpp:62:28:62:28 | d |
+| test.cpp:59:21:59:21 | array to pointer conversion | test.cpp:63:24:63:24 | d |
+| test.cpp:59:21:59:21 | array to pointer conversion | test.cpp:95:21:95:21 | d |
 | test.cpp:59:21:59:21 | d | test.cpp:34:31:34:31 | b |
-| test.cpp:59:21:59:21 | d | test.cpp:59:21:59:21 | ref arg d |
-| test.cpp:59:21:59:21 | ref arg d | test.cpp:61:22:61:22 | d |
-| test.cpp:59:21:59:21 | ref arg d | test.cpp:62:28:62:28 | d |
-| test.cpp:59:21:59:21 | ref arg d | test.cpp:63:24:63:24 | d |
-| test.cpp:59:21:59:21 | ref arg d | test.cpp:95:21:95:21 | d |
+| test.cpp:59:21:59:21 | d | test.cpp:59:21:59:21 | d |
+| test.cpp:59:21:59:21 | d | test.cpp:61:22:61:22 | d |
+| test.cpp:59:21:59:21 | d | test.cpp:61:22:61:22 | d |
+| test.cpp:59:21:59:21 | d | test.cpp:62:28:62:28 | d |
+| test.cpp:59:21:59:21 | d | test.cpp:62:28:62:28 | d |
+| test.cpp:59:21:59:21 | d | test.cpp:63:24:63:24 | d |
+| test.cpp:59:21:59:21 | d | test.cpp:63:24:63:24 | d |
+| test.cpp:59:21:59:21 | d | test.cpp:95:21:95:21 | d |
+| test.cpp:59:21:59:21 | d | test.cpp:95:21:95:21 | d |
 | test.cpp:61:22:61:22 | d | test.cpp:38:35:38:35 | d |
-| test.cpp:61:22:61:22 | d | test.cpp:61:22:61:22 | ref arg d |
-| test.cpp:61:22:61:22 | ref arg d | test.cpp:62:28:62:28 | d |
-| test.cpp:61:22:61:22 | ref arg d | test.cpp:63:24:63:24 | d |
-| test.cpp:61:22:61:22 | ref arg d | test.cpp:95:21:95:21 | d |
 | test.cpp:62:28:62:28 | d | test.cpp:42:40:42:40 | d |
 | test.cpp:63:24:63:24 | d | test.cpp:46:37:46:37 | d |
-| test.cpp:63:24:63:24 | d | test.cpp:63:24:63:24 | ref arg d |
-| test.cpp:63:24:63:24 | ref arg d | test.cpp:95:21:95:21 | d |
+| test.cpp:74:19:74:21 | array to pointer conversion | test.cpp:74:19:74:21 | dss |
+| test.cpp:74:19:74:21 | array to pointer conversion | test.cpp:75:25:75:27 | dss |
+| test.cpp:74:19:74:21 | array to pointer conversion | test.cpp:76:21:76:23 | dss |
+| test.cpp:74:19:74:21 | array to pointer conversion | test.cpp:96:21:96:23 | dss |
 | test.cpp:74:19:74:21 | dss | test.cpp:26:29:26:29 | b |
-| test.cpp:74:19:74:21 | dss | test.cpp:74:19:74:21 | ref arg dss |
-| test.cpp:74:19:74:21 | ref arg dss | test.cpp:75:25:75:27 | dss |
-| test.cpp:74:19:74:21 | ref arg dss | test.cpp:76:21:76:23 | dss |
-| test.cpp:74:19:74:21 | ref arg dss | test.cpp:96:21:96:23 | dss |
+| test.cpp:74:19:74:21 | dss | test.cpp:74:19:74:21 | dss |
+| test.cpp:74:19:74:21 | dss | test.cpp:75:25:75:27 | dss |
+| test.cpp:74:19:74:21 | dss | test.cpp:75:25:75:27 | dss |
+| test.cpp:74:19:74:21 | dss | test.cpp:76:21:76:23 | dss |
+| test.cpp:74:19:74:21 | dss | test.cpp:76:21:76:23 | dss |
+| test.cpp:74:19:74:21 | dss | test.cpp:96:21:96:23 | dss |
+| test.cpp:74:19:74:21 | dss | test.cpp:96:21:96:23 | dss |
+| test.cpp:75:25:75:27 | array to pointer conversion | test.cpp:75:25:75:27 | dss |
+| test.cpp:75:25:75:27 | array to pointer conversion | test.cpp:76:21:76:23 | dss |
+| test.cpp:75:25:75:27 | array to pointer conversion | test.cpp:96:21:96:23 | dss |
 | test.cpp:75:25:75:27 | dss | test.cpp:30:34:30:34 | b |
+| test.cpp:75:25:75:27 | dss | test.cpp:75:25:75:27 | dss |
+| test.cpp:75:25:75:27 | dss | test.cpp:76:21:76:23 | dss |
+| test.cpp:75:25:75:27 | dss | test.cpp:76:21:76:23 | dss |
+| test.cpp:75:25:75:27 | dss | test.cpp:96:21:96:23 | dss |
+| test.cpp:75:25:75:27 | dss | test.cpp:96:21:96:23 | dss |
+| test.cpp:76:21:76:23 | array to pointer conversion | test.cpp:76:21:76:23 | dss |
+| test.cpp:76:21:76:23 | array to pointer conversion | test.cpp:96:21:96:23 | dss |
 | test.cpp:76:21:76:23 | dss | test.cpp:34:31:34:31 | b |
-| test.cpp:76:21:76:23 | dss | test.cpp:76:21:76:23 | ref arg dss |
-| test.cpp:76:21:76:23 | ref arg dss | test.cpp:96:21:96:23 | dss |
+| test.cpp:76:21:76:23 | dss | test.cpp:76:21:76:23 | dss |
+| test.cpp:76:21:76:23 | dss | test.cpp:96:21:96:23 | dss |
+| test.cpp:76:21:76:23 | dss | test.cpp:96:21:96:23 | dss |
+| test.cpp:86:19:86:20 | (Derived *)... | test.cpp:86:19:86:20 | d2 |
+| test.cpp:86:19:86:20 | (Derived *)... | test.cpp:87:25:87:26 | d2 |
+| test.cpp:86:19:86:20 | (Derived *)... | test.cpp:88:21:88:22 | d2 |
+| test.cpp:86:19:86:20 | (Derived *)... | test.cpp:90:22:90:23 | d2 |
+| test.cpp:86:19:86:20 | (Derived *)... | test.cpp:91:28:91:29 | d2 |
+| test.cpp:86:19:86:20 | (Derived *)... | test.cpp:92:24:92:25 | d2 |
+| test.cpp:86:19:86:20 | array to pointer conversion | test.cpp:86:19:86:20 | d2 |
+| test.cpp:86:19:86:20 | array to pointer conversion | test.cpp:87:25:87:26 | d2 |
+| test.cpp:86:19:86:20 | array to pointer conversion | test.cpp:88:21:88:22 | d2 |
+| test.cpp:86:19:86:20 | array to pointer conversion | test.cpp:90:22:90:23 | d2 |
+| test.cpp:86:19:86:20 | array to pointer conversion | test.cpp:91:28:91:29 | d2 |
+| test.cpp:86:19:86:20 | array to pointer conversion | test.cpp:92:24:92:25 | d2 |
 | test.cpp:86:19:86:20 | d2 | test.cpp:26:29:26:29 | b |
-| test.cpp:86:19:86:20 | d2 | test.cpp:86:19:86:20 | ref arg d2 |
-| test.cpp:86:19:86:20 | ref arg d2 | test.cpp:87:25:87:26 | d2 |
-| test.cpp:86:19:86:20 | ref arg d2 | test.cpp:88:21:88:22 | d2 |
-| test.cpp:86:19:86:20 | ref arg d2 | test.cpp:90:22:90:23 | d2 |
-| test.cpp:86:19:86:20 | ref arg d2 | test.cpp:91:28:91:29 | d2 |
-| test.cpp:86:19:86:20 | ref arg d2 | test.cpp:92:24:92:25 | d2 |
+| test.cpp:86:19:86:20 | d2 | test.cpp:86:19:86:20 | d2 |
+| test.cpp:86:19:86:20 | d2 | test.cpp:87:25:87:26 | d2 |
+| test.cpp:86:19:86:20 | d2 | test.cpp:87:25:87:26 | d2 |
+| test.cpp:86:19:86:20 | d2 | test.cpp:88:21:88:22 | d2 |
+| test.cpp:86:19:86:20 | d2 | test.cpp:88:21:88:22 | d2 |
+| test.cpp:86:19:86:20 | d2 | test.cpp:90:22:90:23 | d2 |
+| test.cpp:86:19:86:20 | d2 | test.cpp:90:22:90:23 | d2 |
+| test.cpp:86:19:86:20 | d2 | test.cpp:91:28:91:29 | d2 |
+| test.cpp:86:19:86:20 | d2 | test.cpp:91:28:91:29 | d2 |
+| test.cpp:86:19:86:20 | d2 | test.cpp:92:24:92:25 | d2 |
+| test.cpp:86:19:86:20 | d2 | test.cpp:92:24:92:25 | d2 |
+| test.cpp:87:25:87:26 | (Derived *)... | test.cpp:87:25:87:26 | d2 |
+| test.cpp:87:25:87:26 | (Derived *)... | test.cpp:88:21:88:22 | d2 |
+| test.cpp:87:25:87:26 | (Derived *)... | test.cpp:90:22:90:23 | d2 |
+| test.cpp:87:25:87:26 | (Derived *)... | test.cpp:91:28:91:29 | d2 |
+| test.cpp:87:25:87:26 | (Derived *)... | test.cpp:92:24:92:25 | d2 |
+| test.cpp:87:25:87:26 | array to pointer conversion | test.cpp:87:25:87:26 | d2 |
+| test.cpp:87:25:87:26 | array to pointer conversion | test.cpp:88:21:88:22 | d2 |
+| test.cpp:87:25:87:26 | array to pointer conversion | test.cpp:90:22:90:23 | d2 |
+| test.cpp:87:25:87:26 | array to pointer conversion | test.cpp:91:28:91:29 | d2 |
+| test.cpp:87:25:87:26 | array to pointer conversion | test.cpp:92:24:92:25 | d2 |
 | test.cpp:87:25:87:26 | d2 | test.cpp:30:34:30:34 | b |
+| test.cpp:87:25:87:26 | d2 | test.cpp:87:25:87:26 | d2 |
+| test.cpp:87:25:87:26 | d2 | test.cpp:88:21:88:22 | d2 |
+| test.cpp:87:25:87:26 | d2 | test.cpp:88:21:88:22 | d2 |
+| test.cpp:87:25:87:26 | d2 | test.cpp:90:22:90:23 | d2 |
+| test.cpp:87:25:87:26 | d2 | test.cpp:90:22:90:23 | d2 |
+| test.cpp:87:25:87:26 | d2 | test.cpp:91:28:91:29 | d2 |
+| test.cpp:87:25:87:26 | d2 | test.cpp:91:28:91:29 | d2 |
+| test.cpp:87:25:87:26 | d2 | test.cpp:92:24:92:25 | d2 |
+| test.cpp:87:25:87:26 | d2 | test.cpp:92:24:92:25 | d2 |
+| test.cpp:88:21:88:22 | (Derived *)... | test.cpp:88:21:88:22 | d2 |
+| test.cpp:88:21:88:22 | (Derived *)... | test.cpp:90:22:90:23 | d2 |
+| test.cpp:88:21:88:22 | (Derived *)... | test.cpp:91:28:91:29 | d2 |
+| test.cpp:88:21:88:22 | (Derived *)... | test.cpp:92:24:92:25 | d2 |
+| test.cpp:88:21:88:22 | array to pointer conversion | test.cpp:88:21:88:22 | d2 |
+| test.cpp:88:21:88:22 | array to pointer conversion | test.cpp:90:22:90:23 | d2 |
+| test.cpp:88:21:88:22 | array to pointer conversion | test.cpp:91:28:91:29 | d2 |
+| test.cpp:88:21:88:22 | array to pointer conversion | test.cpp:92:24:92:25 | d2 |
 | test.cpp:88:21:88:22 | d2 | test.cpp:34:31:34:31 | b |
-| test.cpp:88:21:88:22 | d2 | test.cpp:88:21:88:22 | ref arg d2 |
-| test.cpp:88:21:88:22 | ref arg d2 | test.cpp:90:22:90:23 | d2 |
-| test.cpp:88:21:88:22 | ref arg d2 | test.cpp:91:28:91:29 | d2 |
-| test.cpp:88:21:88:22 | ref arg d2 | test.cpp:92:24:92:25 | d2 |
+| test.cpp:88:21:88:22 | d2 | test.cpp:88:21:88:22 | d2 |
+| test.cpp:88:21:88:22 | d2 | test.cpp:90:22:90:23 | d2 |
+| test.cpp:88:21:88:22 | d2 | test.cpp:90:22:90:23 | d2 |
+| test.cpp:88:21:88:22 | d2 | test.cpp:91:28:91:29 | d2 |
+| test.cpp:88:21:88:22 | d2 | test.cpp:91:28:91:29 | d2 |
+| test.cpp:88:21:88:22 | d2 | test.cpp:92:24:92:25 | d2 |
+| test.cpp:88:21:88:22 | d2 | test.cpp:92:24:92:25 | d2 |
 | test.cpp:90:22:90:23 | d2 | test.cpp:38:35:38:35 | d |
-| test.cpp:90:22:90:23 | d2 | test.cpp:90:22:90:23 | ref arg d2 |
-| test.cpp:90:22:90:23 | ref arg d2 | test.cpp:91:28:91:29 | d2 |
-| test.cpp:90:22:90:23 | ref arg d2 | test.cpp:92:24:92:25 | d2 |
 | test.cpp:91:28:91:29 | d2 | test.cpp:42:40:42:40 | d |
 | test.cpp:92:24:92:25 | d2 | test.cpp:46:37:46:37 | d |
+| test.cpp:95:21:95:21 | array to pointer conversion | test.cpp:95:21:95:21 | d |
 | test.cpp:95:21:95:21 | d | test.cpp:50:31:50:31 | b |
+| test.cpp:95:21:95:21 | d | test.cpp:95:21:95:21 | d |
+| test.cpp:96:21:96:23 | array to pointer conversion | test.cpp:96:21:96:23 | dss |
 | test.cpp:96:21:96:23 | dss | test.cpp:50:31:50:31 | b |
+| test.cpp:96:21:96:23 | dss | test.cpp:96:21:96:23 | dss |
 nodes
 | test.cpp:26:29:26:29 | b | semmle.label | b |
-| test.cpp:26:29:26:29 | b | semmle.label | b |
 | test.cpp:27:2:27:2 | b | semmle.label | b |
 | test.cpp:30:34:30:34 | b | semmle.label | b |
 | test.cpp:31:2:31:2 | b | semmle.label | b |
 | test.cpp:34:31:34:31 | b | semmle.label | b |
-| test.cpp:34:31:34:31 | b | semmle.label | b |
 | test.cpp:35:2:35:2 | b | semmle.label | b |
 | test.cpp:38:35:38:35 | d | semmle.label | d |
-| test.cpp:38:35:38:35 | d | semmle.label | d |
 | test.cpp:39:2:39:2 | d | semmle.label | d |
 | test.cpp:42:40:42:40 | d | semmle.label | d |
 | test.cpp:43:2:43:2 | d | semmle.label | d |
 | test.cpp:46:37:46:37 | d | semmle.label | d |
-| test.cpp:46:37:46:37 | d | semmle.label | d |
 | test.cpp:47:2:47:2 | d | semmle.label | d |
 | test.cpp:50:31:50:31 | b | semmle.label | b |
+| test.cpp:51:3:51:11 | (char *)... | semmle.label | (char *)... |
 | test.cpp:51:11:51:11 | b | semmle.label | b |
+| test.cpp:57:19:57:19 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test.cpp:57:19:57:19 | d | semmle.label | d |
-| test.cpp:57:19:57:19 | ref arg d | semmle.label | ref arg d |
+| test.cpp:57:19:57:19 | d | semmle.label | d |
+| test.cpp:58:25:58:25 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test.cpp:58:25:58:25 | d | semmle.label | d |
+| test.cpp:58:25:58:25 | d | semmle.label | d |
+| test.cpp:59:21:59:21 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.cpp:59:21:59:21 | d | semmle.label | d |
 | test.cpp:59:21:59:21 | d | semmle.label | d |
-| test.cpp:59:21:59:21 | ref arg d | semmle.label | ref arg d |
 | test.cpp:61:22:61:22 | d | semmle.label | d |
-| test.cpp:61:22:61:22 | ref arg d | semmle.label | ref arg d |
 | test.cpp:62:28:62:28 | d | semmle.label | d |
 | test.cpp:63:24:63:24 | d | semmle.label | d |
-| test.cpp:63:24:63:24 | ref arg d | semmle.label | ref arg d |
+| test.cpp:74:19:74:21 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test.cpp:74:19:74:21 | dss | semmle.label | dss |
-| test.cpp:74:19:74:21 | ref arg dss | semmle.label | ref arg dss |
+| test.cpp:74:19:74:21 | dss | semmle.label | dss |
+| test.cpp:75:25:75:27 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test.cpp:75:25:75:27 | dss | semmle.label | dss |
+| test.cpp:75:25:75:27 | dss | semmle.label | dss |
+| test.cpp:76:21:76:23 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test.cpp:76:21:76:23 | dss | semmle.label | dss |
-| test.cpp:76:21:76:23 | ref arg dss | semmle.label | ref arg dss |
+| test.cpp:76:21:76:23 | dss | semmle.label | dss |
+| test.cpp:86:19:86:20 | (Derived *)... | semmle.label | (Derived *)... |
+| test.cpp:86:19:86:20 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test.cpp:86:19:86:20 | d2 | semmle.label | d2 |
-| test.cpp:86:19:86:20 | ref arg d2 | semmle.label | ref arg d2 |
+| test.cpp:86:19:86:20 | d2 | semmle.label | d2 |
+| test.cpp:87:25:87:26 | (Derived *)... | semmle.label | (Derived *)... |
+| test.cpp:87:25:87:26 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test.cpp:87:25:87:26 | d2 | semmle.label | d2 |
+| test.cpp:87:25:87:26 | d2 | semmle.label | d2 |
+| test.cpp:88:21:88:22 | (Derived *)... | semmle.label | (Derived *)... |
+| test.cpp:88:21:88:22 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.cpp:88:21:88:22 | d2 | semmle.label | d2 |
 | test.cpp:88:21:88:22 | d2 | semmle.label | d2 |
-| test.cpp:88:21:88:22 | ref arg d2 | semmle.label | ref arg d2 |
 | test.cpp:90:22:90:23 | d2 | semmle.label | d2 |
-| test.cpp:90:22:90:23 | ref arg d2 | semmle.label | ref arg d2 |
 | test.cpp:91:28:91:29 | d2 | semmle.label | d2 |
 | test.cpp:92:24:92:25 | d2 | semmle.label | d2 |
+| test.cpp:95:21:95:21 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test.cpp:95:21:95:21 | d | semmle.label | d |
+| test.cpp:95:21:95:21 | d | semmle.label | d |
+| test.cpp:96:21:96:23 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.cpp:96:21:96:23 | dss | semmle.label | dss |
 | test.cpp:96:21:96:23 | dss | semmle.label | dss |
 subpaths
-| test.cpp:57:19:57:19 | d | test.cpp:26:29:26:29 | b | test.cpp:26:29:26:29 | b | test.cpp:57:19:57:19 | ref arg d |
-| test.cpp:59:21:59:21 | d | test.cpp:34:31:34:31 | b | test.cpp:34:31:34:31 | b | test.cpp:59:21:59:21 | ref arg d |
-| test.cpp:61:22:61:22 | d | test.cpp:38:35:38:35 | d | test.cpp:38:35:38:35 | d | test.cpp:61:22:61:22 | ref arg d |
-| test.cpp:63:24:63:24 | d | test.cpp:46:37:46:37 | d | test.cpp:46:37:46:37 | d | test.cpp:63:24:63:24 | ref arg d |
-| test.cpp:74:19:74:21 | dss | test.cpp:26:29:26:29 | b | test.cpp:26:29:26:29 | b | test.cpp:74:19:74:21 | ref arg dss |
-| test.cpp:76:21:76:23 | dss | test.cpp:34:31:34:31 | b | test.cpp:34:31:34:31 | b | test.cpp:76:21:76:23 | ref arg dss |
-| test.cpp:86:19:86:20 | d2 | test.cpp:26:29:26:29 | b | test.cpp:26:29:26:29 | b | test.cpp:86:19:86:20 | ref arg d2 |
-| test.cpp:88:21:88:22 | d2 | test.cpp:34:31:34:31 | b | test.cpp:34:31:34:31 | b | test.cpp:88:21:88:22 | ref arg d2 |
-| test.cpp:90:22:90:23 | d2 | test.cpp:38:35:38:35 | d | test.cpp:38:35:38:35 | d | test.cpp:90:22:90:23 | ref arg d2 |
 #select
+| test.cpp:27:2:27:2 | b | test.cpp:57:19:57:19 | array to pointer conversion | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:57:19:57:19 | array to pointer conversion | this cast |
 | test.cpp:27:2:27:2 | b | test.cpp:57:19:57:19 | d | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:57:19:57:19 | d | this cast |
+| test.cpp:27:2:27:2 | b | test.cpp:57:19:57:19 | d | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:57:19:57:19 | d | this cast |
+| test.cpp:27:2:27:2 | b | test.cpp:74:19:74:21 | array to pointer conversion | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:74:19:74:21 | array to pointer conversion | this cast |
 | test.cpp:27:2:27:2 | b | test.cpp:74:19:74:21 | dss | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:74:19:74:21 | dss | this cast |
+| test.cpp:27:2:27:2 | b | test.cpp:74:19:74:21 | dss | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:74:19:74:21 | dss | this cast |
+| test.cpp:27:2:27:2 | b | test.cpp:86:19:86:20 | (Derived *)... | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | (Derived *)... | this cast |
+| test.cpp:27:2:27:2 | b | test.cpp:86:19:86:20 | array to pointer conversion | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | array to pointer conversion | this cast |
 | test.cpp:27:2:27:2 | b | test.cpp:86:19:86:20 | d2 | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | d2 | this cast |
+| test.cpp:27:2:27:2 | b | test.cpp:86:19:86:20 | d2 | test.cpp:27:2:27:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | d2 | this cast |
+| test.cpp:31:2:31:2 | b | test.cpp:57:19:57:19 | array to pointer conversion | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:57:19:57:19 | array to pointer conversion | this cast |
 | test.cpp:31:2:31:2 | b | test.cpp:57:19:57:19 | d | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:57:19:57:19 | d | this cast |
+| test.cpp:31:2:31:2 | b | test.cpp:57:19:57:19 | d | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:57:19:57:19 | d | this cast |
+| test.cpp:31:2:31:2 | b | test.cpp:58:25:58:25 | array to pointer conversion | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:58:25:58:25 | array to pointer conversion | this cast |
 | test.cpp:31:2:31:2 | b | test.cpp:58:25:58:25 | d | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:58:25:58:25 | d | this cast |
+| test.cpp:31:2:31:2 | b | test.cpp:58:25:58:25 | d | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:58:25:58:25 | d | this cast |
+| test.cpp:31:2:31:2 | b | test.cpp:74:19:74:21 | array to pointer conversion | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:74:19:74:21 | array to pointer conversion | this cast |
 | test.cpp:31:2:31:2 | b | test.cpp:74:19:74:21 | dss | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:74:19:74:21 | dss | this cast |
+| test.cpp:31:2:31:2 | b | test.cpp:74:19:74:21 | dss | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:74:19:74:21 | dss | this cast |
+| test.cpp:31:2:31:2 | b | test.cpp:75:25:75:27 | array to pointer conversion | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:75:25:75:27 | array to pointer conversion | this cast |
 | test.cpp:31:2:31:2 | b | test.cpp:75:25:75:27 | dss | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:75:25:75:27 | dss | this cast |
+| test.cpp:31:2:31:2 | b | test.cpp:75:25:75:27 | dss | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:75:25:75:27 | dss | this cast |
+| test.cpp:31:2:31:2 | b | test.cpp:86:19:86:20 | (Derived *)... | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | (Derived *)... | this cast |
+| test.cpp:31:2:31:2 | b | test.cpp:86:19:86:20 | array to pointer conversion | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | array to pointer conversion | this cast |
 | test.cpp:31:2:31:2 | b | test.cpp:86:19:86:20 | d2 | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | d2 | this cast |
+| test.cpp:31:2:31:2 | b | test.cpp:86:19:86:20 | d2 | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | d2 | this cast |
+| test.cpp:31:2:31:2 | b | test.cpp:87:25:87:26 | (Derived *)... | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:87:25:87:26 | (Derived *)... | this cast |
+| test.cpp:31:2:31:2 | b | test.cpp:87:25:87:26 | array to pointer conversion | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:87:25:87:26 | array to pointer conversion | this cast |
 | test.cpp:31:2:31:2 | b | test.cpp:87:25:87:26 | d2 | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:87:25:87:26 | d2 | this cast |
+| test.cpp:31:2:31:2 | b | test.cpp:87:25:87:26 | d2 | test.cpp:31:2:31:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:87:25:87:26 | d2 | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:57:19:57:19 | array to pointer conversion | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:57:19:57:19 | array to pointer conversion | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:57:19:57:19 | d | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:57:19:57:19 | d | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:57:19:57:19 | d | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:57:19:57:19 | d | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:58:25:58:25 | array to pointer conversion | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:58:25:58:25 | array to pointer conversion | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:58:25:58:25 | d | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:58:25:58:25 | d | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:58:25:58:25 | d | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:58:25:58:25 | d | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:59:21:59:21 | array to pointer conversion | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:59:21:59:21 | array to pointer conversion | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:59:21:59:21 | d | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:59:21:59:21 | d | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:59:21:59:21 | d | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:59:21:59:21 | d | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:74:19:74:21 | array to pointer conversion | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:74:19:74:21 | array to pointer conversion | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:74:19:74:21 | dss | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:74:19:74:21 | dss | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:74:19:74:21 | dss | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:74:19:74:21 | dss | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:75:25:75:27 | array to pointer conversion | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:75:25:75:27 | array to pointer conversion | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:75:25:75:27 | dss | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:75:25:75:27 | dss | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:75:25:75:27 | dss | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:75:25:75:27 | dss | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:76:21:76:23 | array to pointer conversion | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:76:21:76:23 | array to pointer conversion | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:76:21:76:23 | dss | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:76:21:76:23 | dss | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:76:21:76:23 | dss | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:76:21:76:23 | dss | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:86:19:86:20 | (Derived *)... | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | (Derived *)... | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:86:19:86:20 | array to pointer conversion | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | array to pointer conversion | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:86:19:86:20 | d2 | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | d2 | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:86:19:86:20 | d2 | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:86:19:86:20 | d2 | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:87:25:87:26 | (Derived *)... | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:87:25:87:26 | (Derived *)... | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:87:25:87:26 | array to pointer conversion | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:87:25:87:26 | array to pointer conversion | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:87:25:87:26 | d2 | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:87:25:87:26 | d2 | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:87:25:87:26 | d2 | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:87:25:87:26 | d2 | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:88:21:88:22 | (Derived *)... | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:88:21:88:22 | (Derived *)... | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:88:21:88:22 | array to pointer conversion | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:88:21:88:22 | array to pointer conversion | this cast |
+| test.cpp:35:2:35:2 | b | test.cpp:88:21:88:22 | d2 | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:88:21:88:22 | d2 | this cast |
 | test.cpp:35:2:35:2 | b | test.cpp:88:21:88:22 | d2 | test.cpp:35:2:35:2 | b | This pointer arithmetic may be done with the wrong type because of $@. | test.cpp:88:21:88:22 | d2 | this cast |
--- a/Bugs/Format/NonConstantFormat/NonConstantFormat.expected
+++ b/Bugs/Format/NonConstantFormat/NonConstantFormat.expected
@@ -1,21 +1 @@
-| NonConstantFormat.c:30:10:30:16 | access to array | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| NonConstantFormat.c:41:9:41:27 | call to any_random_function | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| nested.cpp:21:23:21:26 | fmt0 | The format string argument to snprintf should be constant to prevent security issues and other potential errors. |
-| nested.cpp:79:32:79:38 | call to get_fmt | The format string argument to diagnostic should be constant to prevent security issues and other potential errors. |
-| nested.cpp:87:18:87:20 | fmt | The format string argument to diagnostic should be constant to prevent security issues and other potential errors. |
-| test.cpp:50:10:50:21 | call to make_message | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:56:12:56:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:59:12:59:21 | call to const_wash | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:60:12:60:26 | ... + ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:61:12:61:17 | + ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:62:12:62:18 | * ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:63:12:63:18 | & ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:64:12:64:39 | ... + ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:66:10:66:35 | ... + ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:69:12:69:20 | ... + ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:75:12:75:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:81:12:81:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:87:12:87:16 | hello | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:92:12:92:18 | ++ ... | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:109:12:109:24 | new[] | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| test.cpp:129:20:129:26 | access to array | The format string argument to sprintf should be constant to prevent security issues and other potential errors. |
+Timeout (5m0s) in DataFlowUtil#47741e1f::simpleLocalFlowStep#2#ff
--- a/Year/Adding365DaysPerYear/Adding365daysPerYear.expected
+++ b/Year/Adding365DaysPerYear/Adding365daysPerYear.expected
@@ -1,5 +0,0 @@
-| test.cpp:173:2:173:52 | ... = ... | An arithmetic operation $@ that uses a constant value of 365 ends up modifying this date/time, without considering leap year scenarios. | test.cpp:170:2:170:47 | ... += ... | ... += ... |
-| test.cpp:174:2:174:46 | ... = ... | An arithmetic operation $@ that uses a constant value of 365 ends up modifying this date/time, without considering leap year scenarios. | test.cpp:170:2:170:47 | ... += ... | ... += ... |
-| test.cpp:193:2:193:24 | ... = ... | An arithmetic operation $@ that uses a constant value of 365 ends up modifying this date/time, without considering leap year scenarios. | test.cpp:193:2:193:24 | ... = ... | ... = ... |
-| test.cpp:217:2:217:52 | ... = ... | An arithmetic operation $@ that uses a constant value of 365 ends up modifying this date/time, without considering leap year scenarios. | test.cpp:214:2:214:47 | ... += ... | ... += ... |
-| test.cpp:218:2:218:46 | ... = ... | An arithmetic operation $@ that uses a constant value of 365 ends up modifying this date/time, without considering leap year scenarios. | test.cpp:214:2:214:47 | ... += ... | ... += ... |
--- a/Typos/inconsistentLoopDirection/inconsistentLoopDirection.expected
+++ b/Typos/inconsistentLoopDirection/inconsistentLoopDirection.expected
@@ -1,25 +0,0 @@
-| inconsistentLoopDirection.c:5:5:7:5 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts downward from a value (0), but the terminal condition is higher (100). |
-| inconsistentLoopDirection.c:13:5:15:5 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts upward from a value (100), but the terminal condition is lower (0). |
-| inconsistentLoopDirection.c:27:5:29:5 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts downward from a value (0), but the terminal condition is higher (100). |
-| inconsistentLoopDirection.c:35:5:37:5 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts upward from a value (100), but the terminal condition is lower (0). |
-| inconsistentLoopDirection.c:48:5:50:5 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts downward from a value (0), but the terminal condition is higher (100). |
-| inconsistentLoopDirection.c:58:5:60:5 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts upward from a value (100), but the terminal condition is lower (0). |
-| inconsistentLoopDirection.cpp:5:5:7:5 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts downward from a value (0), but the terminal condition is higher (100). |
-| inconsistentLoopDirection.cpp:13:5:15:5 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts upward from a value (100), but the terminal condition is lower (0). |
-| inconsistentLoopDirection.cpp:27:5:29:5 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts downward from a value (0), but the terminal condition is higher (100). |
-| inconsistentLoopDirection.cpp:35:5:37:5 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts upward from a value (100), but the terminal condition is lower (0). |
-| inconsistentLoopDirection.cpp:46:5:48:5 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts downward from a value (0), but the terminal condition is higher (100). |
-| inconsistentLoopDirection.cpp:54:5:56:5 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts upward from a value (100), but the terminal condition is lower (0). |
-| inconsistentLoopDirection.cpp:69:5:71:5 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts downward from a value (min), but the terminal condition is higher (max). |
-| inconsistentLoopDirection.cpp:77:5:79:5 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts upward from a value (max), but the terminal condition is lower (min). |
-| inconsistentLoopDirection.cpp:91:5:93:5 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts downward from a value (0), but the terminal condition is higher (100). |
-| inconsistentLoopDirection.cpp:101:5:103:5 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts upward from a value (100), but the terminal condition is lower (0). |
-| inconsistentLoopDirection.cpp:118:5:120:5 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts downward from a value (max), but the terminal condition is always false. |
-| inconsistentLoopDirection.cpp:122:5:124:5 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts upward from a value (min), but the terminal condition is always false. |
-| inconsistentLoopDirection.cpp:133:5:135:5 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts downward from a value (100), but the terminal condition is always false. |
-| inconsistentLoopDirection.cpp:140:5:142:5 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts upward from a value (200), but the terminal condition is lower (0). |
-| inconsistentLoopDirection.cpp:175:5:175:36 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts downward from a value (0), but the terminal condition is higher (10). |
-| inconsistentLoopDirection.cpp:179:5:179:38 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "i" counts upward from a value (100), but the terminal condition is lower (0). |
-| inconsistentLoopDirection.cpp:196:5:196:32 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "s" counts downward from a value (63), but the terminal condition is higher (64). |
-| inconsistentLoopDirection.cpp:197:5:197:34 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "s" counts downward from a value (... + ...), but the terminal condition is always false. |
-| inconsistentLoopDirection.cpp:215:3:215:33 | for(...;...;...) ... | Ill-defined for-loop: a loop using variable "s" counts downward from a value (... - ...), but the terminal condition is higher (64). |
--- a/Management/AllocaInLoop/AllocaInLoop.expected
+++ b/Management/AllocaInLoop/AllocaInLoop.expected
@@ -7,12 +7,22 @@
 | AllocaInLoop1ms.cpp:79:19:79:25 | call to _alloca | Stack allocation is inside a $@ loop. | AllocaInLoop1ms.cpp:70:3:87:3 | for(...;...;...) ... | for(...;...;...) ... |
 | AllocaInLoop2.c:39:30:39:35 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | AllocaInLoop2.c:29:5:48:19 | do (...) ... | do (...) ... |
 | AllocaInLoop3.cpp:45:23:45:28 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | AllocaInLoop3.cpp:43:2:49:19 | do (...) ... | do (...) ... |
+| BoundedLoop.cpp:19:5:19:10 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | BoundedLoop.cpp:18:3:20:3 | for(...;...;...) ... | for(...;...;...) ... |
 | BoundedLoop.cpp:25:5:25:10 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | BoundedLoop.cpp:24:3:26:3 | for(...;...;...) ... | for(...;...;...) ... |
+| BoundedLoop.cpp:32:5:32:10 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | BoundedLoop.cpp:31:3:33:20 | do (...) ... | do (...) ... |
 | BoundedLoop.cpp:38:5:38:10 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | BoundedLoop.cpp:37:3:39:3 | for(...;...;...) ... | for(...;...;...) ... |
+| BoundedLoop.cpp:48:5:48:10 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | BoundedLoop.cpp:46:3:49:3 | while (...) ... | while (...) ... |
 | BoundedLoop.cpp:55:5:55:10 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | BoundedLoop.cpp:54:3:59:3 | while (...) ... | while (...) ... |
 | BoundedLoop.cpp:64:5:64:10 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | BoundedLoop.cpp:63:3:68:3 | for(...;...;...) ... | for(...;...;...) ... |
 | BoundedLoop.cpp:73:5:73:10 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | BoundedLoop.cpp:72:3:74:3 | for(...;...;...) ... | for(...;...;...) ... |
+| BoundedLoop.cpp:85:5:85:10 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | BoundedLoop.cpp:84:3:86:3 | for(...;...;...) ... | for(...;...;...) ... |
 | BoundedLoop.cpp:97:5:97:10 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | BoundedLoop.cpp:96:3:98:3 | for(...;...;...) ... | for(...;...;...) ... |
 | BoundedLoop.cpp:105:5:105:10 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | BoundedLoop.cpp:104:3:106:3 | for(...;...;...) ... | for(...;...;...) ... |
+| BoundedLoop.cpp:112:7:112:12 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | BoundedLoop.cpp:110:3:114:3 | for(...;...;...) ... | for(...;...;...) ... |
+| BoundedLoop.cpp:112:7:112:12 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | BoundedLoop.cpp:111:5:113:5 | for(...;...;...) ... | for(...;...;...) ... |
+| BoundedLoop.cpp:124:7:124:12 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | BoundedLoop.cpp:120:3:127:3 | for(...;...;...) ... | for(...;...;...) ... |
 | BoundedLoop.cpp:138:5:138:10 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | BoundedLoop.cpp:137:3:139:3 | for(...;...;...) ... | for(...;...;...) ... |
+| BoundedLoop.cpp:156:5:156:10 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | BoundedLoop.cpp:155:3:157:3 | for(...;...;...) ... | for(...;...;...) ... |
+| BoundedLoop.cpp:164:5:164:10 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | BoundedLoop.cpp:163:3:165:3 | while (...) ... | while (...) ... |
+| BoundedLoop.cpp:170:5:170:10 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | BoundedLoop.cpp:169:3:171:3 | for(...;...;...) ... | for(...;...;...) ... |
 | BoundedLoop.cpp:176:5:176:10 | call to __builtin_alloca | Stack allocation is inside a $@ loop. | BoundedLoop.cpp:175:3:177:3 | for(...;...;...) ... | for(...;...;...) ... |
--- a/Management/NtohlArrayNoBound/NtohlArrayNoBound.expected
+++ b/Management/NtohlArrayNoBound/NtohlArrayNoBound.expected
@@ -1,8 +1,17 @@
 | test.cpp:12:25:12:29 | call to ntohl | Unchecked use of data from network function $@. | test.cpp:12:25:12:29 | call to ntohl | call to ntohl |
+| test.cpp:12:25:12:34 | call to ntohl | Unchecked use of data from network function $@. | test.cpp:12:25:12:29 | call to ntohl | call to ntohl |
+| test.cpp:12:25:12:34 | call to ntohl | Unchecked use of data from network function $@. | test.cpp:12:25:12:34 | call to ntohl | call to ntohl |
 | test.cpp:21:26:21:29 | len2 | Unchecked use of data from network function $@. | test.cpp:10:16:10:20 | call to ntohl | call to ntohl |
+| test.cpp:21:26:21:29 | len2 | Unchecked use of data from network function $@. | test.cpp:10:16:10:25 | (size_t)... | (size_t)... |
 | test.cpp:31:26:31:29 | len2 | Unchecked use of data from network function $@. | test.cpp:10:16:10:20 | call to ntohl | call to ntohl |
+| test.cpp:31:26:31:29 | len2 | Unchecked use of data from network function $@. | test.cpp:10:16:10:25 | (size_t)... | (size_t)... |
 | test.cpp:61:26:61:29 | len2 | Unchecked use of data from network function $@. | test.cpp:10:16:10:20 | call to ntohl | call to ntohl |
+| test.cpp:61:26:61:29 | len2 | Unchecked use of data from network function $@. | test.cpp:10:16:10:25 | (size_t)... | (size_t)... |
 | test.cpp:64:9:64:12 | len2 | Unchecked use of data from network function $@. | test.cpp:10:16:10:20 | call to ntohl | call to ntohl |
+| test.cpp:64:9:64:12 | len2 | Unchecked use of data from network function $@. | test.cpp:10:16:10:25 | (size_t)... | (size_t)... |
 | test.cpp:73:10:73:13 | lens | Unchecked use of data from network function $@. | test.cpp:10:16:10:20 | call to ntohl | call to ntohl |
+| test.cpp:73:10:73:13 | lens | Unchecked use of data from network function $@. | test.cpp:10:16:10:25 | (size_t)... | (size_t)... |
 | test.cpp:86:10:86:13 | len3 | Unchecked use of data from network function $@. | test.cpp:85:10:85:14 | call to ntohl | call to ntohl |
+| test.cpp:86:10:86:13 | len3 | Unchecked use of data from network function $@. | test.cpp:85:10:85:19 | (size_t)... | (size_t)... |
 | test.cpp:94:9:94:11 | len | Unchecked use of data from network function $@. | test.cpp:99:8:99:12 | call to ntohl | call to ntohl |
+| test.cpp:94:9:94:11 | len | Unchecked use of data from network function $@. | test.cpp:99:8:99:17 | call to ntohl | call to ntohl |
--- a/Management/ReturnCstrOfLocalStdString/ReturnCstrOfLocalStdString.expected
+++ b/Management/ReturnCstrOfLocalStdString/ReturnCstrOfLocalStdString.expected
@@ -1,3 +1 @@
-| test.cpp:24:3:24:26 | return ... | Return value may contain a dangling pointer to $@. | test.cpp:23:24:23:37 | call to basic_string | this local std::string |
 | test.cpp:32:3:32:44 | return ... | Return value may contain a dangling pointer to $@. | test.cpp:32:10:32:35 | call to basic_string | this local std::string |
-| test.cpp:45:3:45:42 | return ... | Return value may contain a dangling pointer to $@. | test.cpp:44:22:44:35 | call to basic_string | this local std::string |
--- a/Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected
+++ b/Management/ReturnStackAllocatedMemory/ReturnStackAllocatedMemory.expected
@@ -2,24 +2,6 @@ edges
 | test.cpp:17:9:17:11 | & ... | test.cpp:17:9:17:11 | StoreValue |
 | test.cpp:17:10:17:11 | Unary | test.cpp:17:9:17:11 | & ... |
 | test.cpp:17:10:17:11 | mc | test.cpp:17:10:17:11 | Unary |
-| test.cpp:23:17:23:19 | & ... | test.cpp:23:17:23:19 | StoreValue |
-| test.cpp:23:17:23:19 | Store | test.cpp:25:9:25:11 | Load |
-| test.cpp:23:17:23:19 | StoreValue | test.cpp:23:17:23:19 | Store |
-| test.cpp:23:18:23:19 | Unary | test.cpp:23:17:23:19 | & ... |
-| test.cpp:23:18:23:19 | mc | test.cpp:23:18:23:19 | Unary |
-| test.cpp:25:9:25:11 | Load | test.cpp:25:9:25:11 | ptr |
-| test.cpp:25:9:25:11 | ptr | test.cpp:25:9:25:11 | StoreValue |
-| test.cpp:39:17:39:18 | (reference to) | test.cpp:39:17:39:18 | StoreValue |
-| test.cpp:39:17:39:18 | Store | test.cpp:41:10:41:12 | Load |
-| test.cpp:39:17:39:18 | StoreValue | test.cpp:39:17:39:18 | Store |
-| test.cpp:39:17:39:18 | Unary | test.cpp:39:17:39:18 | (reference to) |
-| test.cpp:39:17:39:18 | mc | test.cpp:39:17:39:18 | Unary |
-| test.cpp:41:9:41:12 | & ... | test.cpp:41:9:41:12 | StoreValue |
-| test.cpp:41:10:41:12 | (reference dereference) | test.cpp:41:10:41:12 | Unary |
-| test.cpp:41:10:41:12 | Load | test.cpp:41:10:41:12 | ref |
-| test.cpp:41:10:41:12 | Unary | test.cpp:41:9:41:12 | & ... |
-| test.cpp:41:10:41:12 | Unary | test.cpp:41:10:41:12 | (reference dereference) |
-| test.cpp:41:10:41:12 | ref | test.cpp:41:10:41:12 | Unary |
 | test.cpp:47:9:47:10 | (reference to) | test.cpp:47:9:47:10 | StoreValue |
 | test.cpp:47:9:47:10 | Unary | test.cpp:47:9:47:10 | (reference to) |
 | test.cpp:47:9:47:10 | mc | test.cpp:47:9:47:10 | Unary |
@@ -28,13 +10,6 @@ edges
 | test.cpp:54:11:54:12 | mc | test.cpp:54:11:54:12 | Unary |
 | test.cpp:54:14:54:14 | Unary | test.cpp:54:9:54:15 | & ... |
 | test.cpp:54:14:54:14 | a | test.cpp:54:14:54:14 | Unary |
-| test.cpp:89:3:89:11 | Store | test.cpp:92:9:92:11 | Load |
-| test.cpp:89:9:89:11 | & ... | test.cpp:89:9:89:11 | StoreValue |
-| test.cpp:89:9:89:11 | StoreValue | test.cpp:89:3:89:11 | Store |
-| test.cpp:89:10:89:11 | Unary | test.cpp:89:9:89:11 | & ... |
-| test.cpp:89:10:89:11 | mc | test.cpp:89:10:89:11 | Unary |
-| test.cpp:92:9:92:11 | Load | test.cpp:92:9:92:11 | ptr |
-| test.cpp:92:9:92:11 | ptr | test.cpp:92:9:92:11 | StoreValue |
 | test.cpp:112:9:112:11 | Unary | test.cpp:112:9:112:11 | array to pointer conversion |
 | test.cpp:112:9:112:11 | arr | test.cpp:112:9:112:11 | Unary |
 | test.cpp:112:9:112:11 | array to pointer conversion | test.cpp:112:9:112:11 | StoreValue |
@@ -45,86 +20,11 @@ edges
 | test.cpp:119:11:119:13 | array to pointer conversion | test.cpp:119:11:119:13 | Left |
 | test.cpp:119:11:119:17 | Unary | test.cpp:119:9:119:18 | & ... |
 | test.cpp:119:11:119:17 | access to array | test.cpp:119:11:119:17 | Unary |
-| test.cpp:134:2:134:14 | Store | test.cpp:135:2:135:4 | Load |
-| test.cpp:134:8:134:10 | Left | test.cpp:134:8:134:14 | ... + ... |
-| test.cpp:134:8:134:10 | Unary | test.cpp:134:8:134:10 | array to pointer conversion |
-| test.cpp:134:8:134:10 | arr | test.cpp:134:8:134:10 | Unary |
-| test.cpp:134:8:134:10 | array to pointer conversion | test.cpp:134:8:134:10 | Left |
-| test.cpp:134:8:134:14 | ... + ... | test.cpp:134:8:134:14 | StoreValue |
-| test.cpp:134:8:134:14 | StoreValue | test.cpp:134:2:134:14 | Store |
-| test.cpp:135:2:135:4 | Left | test.cpp:135:2:135:6 | PointerAdd |
-| test.cpp:135:2:135:4 | Load | test.cpp:135:2:135:4 | ptr |
-| test.cpp:135:2:135:4 | ptr | test.cpp:135:2:135:4 | Left |
-| test.cpp:135:2:135:6 | PointerAdd | test.cpp:135:2:135:6 | StoreValue |
-| test.cpp:135:2:135:6 | Store | test.cpp:137:9:137:11 | Load |
-| test.cpp:135:2:135:6 | StoreValue | test.cpp:135:2:135:6 | Store |
-| test.cpp:137:9:137:11 | Load | test.cpp:137:9:137:11 | ptr |
-| test.cpp:137:9:137:11 | ptr | test.cpp:137:9:137:11 | StoreValue |
-| test.cpp:170:26:170:41 | (void *)... | test.cpp:170:26:170:41 | StoreValue |
-| test.cpp:170:26:170:41 | Store | test.cpp:171:10:171:23 | Load |
-| test.cpp:170:26:170:41 | StoreValue | test.cpp:170:26:170:41 | Store |
-| test.cpp:170:34:170:41 | & ... | test.cpp:170:34:170:41 | Unary |
-| test.cpp:170:34:170:41 | Unary | test.cpp:170:26:170:41 | (void *)... |
-| test.cpp:170:35:170:41 | Unary | test.cpp:170:34:170:41 | & ... |
-| test.cpp:170:35:170:41 | myLocal | test.cpp:170:35:170:41 | Unary |
-| test.cpp:171:10:171:23 | Load | test.cpp:171:10:171:23 | pointerToLocal |
-| test.cpp:171:10:171:23 | pointerToLocal | test.cpp:171:10:171:23 | StoreValue |
-| test.cpp:176:25:176:34 | Store | test.cpp:177:10:177:23 | Load |
-| test.cpp:176:25:176:34 | StoreValue | test.cpp:176:25:176:34 | Store |
-| test.cpp:176:25:176:34 | Unary | test.cpp:176:25:176:34 | array to pointer conversion |
-| test.cpp:176:25:176:34 | array to pointer conversion | test.cpp:176:25:176:34 | StoreValue |
-| test.cpp:176:25:176:34 | localArray | test.cpp:176:25:176:34 | Unary |
-| test.cpp:177:10:177:23 | (void *)... | test.cpp:177:10:177:23 | StoreValue |
-| test.cpp:177:10:177:23 | Load | test.cpp:177:10:177:23 | pointerToLocal |
-| test.cpp:177:10:177:23 | Unary | test.cpp:177:10:177:23 | (void *)... |
-| test.cpp:177:10:177:23 | pointerToLocal | test.cpp:177:10:177:23 | Unary |
-| test.cpp:182:21:182:27 | (reference to) | test.cpp:182:21:182:27 | StoreValue |
-| test.cpp:182:21:182:27 | Store | test.cpp:183:10:183:19 | Load |
-| test.cpp:182:21:182:27 | StoreValue | test.cpp:182:21:182:27 | Store |
-| test.cpp:182:21:182:27 | Unary | test.cpp:182:21:182:27 | (reference to) |
-| test.cpp:182:21:182:27 | myLocal | test.cpp:182:21:182:27 | Unary |
-| test.cpp:183:10:183:19 | (reference dereference) | test.cpp:183:10:183:19 | Unary |
-| test.cpp:183:10:183:19 | (reference to) | test.cpp:183:10:183:19 | StoreValue |
-| test.cpp:183:10:183:19 | Load | test.cpp:183:10:183:19 | refToLocal |
-| test.cpp:183:10:183:19 | Unary | test.cpp:183:10:183:19 | (reference dereference) |
-| test.cpp:183:10:183:19 | Unary | test.cpp:183:10:183:19 | (reference to) |
-| test.cpp:183:10:183:19 | refToLocal | test.cpp:183:10:183:19 | Unary |
-| test.cpp:189:16:189:16 | (reference to) | test.cpp:189:16:189:16 | StoreValue |
-| test.cpp:189:16:189:16 | Store | test.cpp:190:10:190:13 | Load |
-| test.cpp:189:16:189:16 | StoreValue | test.cpp:189:16:189:16 | Store |
-| test.cpp:189:16:189:16 | Unary | test.cpp:189:16:189:16 | (reference to) |
-| test.cpp:189:16:189:16 | p | test.cpp:189:16:189:16 | Unary |
-| test.cpp:190:10:190:13 | (reference dereference) | test.cpp:190:10:190:13 | Unary |
-| test.cpp:190:10:190:13 | (reference to) | test.cpp:190:10:190:13 | StoreValue |
-| test.cpp:190:10:190:13 | Load | test.cpp:190:10:190:13 | pRef |
-| test.cpp:190:10:190:13 | Unary | test.cpp:190:10:190:13 | (reference dereference) |
-| test.cpp:190:10:190:13 | Unary | test.cpp:190:10:190:13 | (reference to) |
-| test.cpp:190:10:190:13 | pRef | test.cpp:190:10:190:13 | Unary |
 nodes
 | test.cpp:17:9:17:11 | & ... | semmle.label | & ... |
 | test.cpp:17:9:17:11 | StoreValue | semmle.label | StoreValue |
 | test.cpp:17:10:17:11 | Unary | semmle.label | Unary |
 | test.cpp:17:10:17:11 | mc | semmle.label | mc |
-| test.cpp:23:17:23:19 | & ... | semmle.label | & ... |
-| test.cpp:23:17:23:19 | Store | semmle.label | Store |
-| test.cpp:23:17:23:19 | StoreValue | semmle.label | StoreValue |
-| test.cpp:23:18:23:19 | Unary | semmle.label | Unary |
-| test.cpp:23:18:23:19 | mc | semmle.label | mc |
-| test.cpp:25:9:25:11 | Load | semmle.label | Load |
-| test.cpp:25:9:25:11 | StoreValue | semmle.label | StoreValue |
-| test.cpp:25:9:25:11 | ptr | semmle.label | ptr |
-| test.cpp:39:17:39:18 | (reference to) | semmle.label | (reference to) |
-| test.cpp:39:17:39:18 | Store | semmle.label | Store |
-| test.cpp:39:17:39:18 | StoreValue | semmle.label | StoreValue |
-| test.cpp:39:17:39:18 | Unary | semmle.label | Unary |
-| test.cpp:39:17:39:18 | mc | semmle.label | mc |
-| test.cpp:41:9:41:12 | & ... | semmle.label | & ... |
-| test.cpp:41:9:41:12 | StoreValue | semmle.label | StoreValue |
-| test.cpp:41:10:41:12 | (reference dereference) | semmle.label | (reference dereference) |
-| test.cpp:41:10:41:12 | Load | semmle.label | Load |
-| test.cpp:41:10:41:12 | Unary | semmle.label | Unary |
-| test.cpp:41:10:41:12 | Unary | semmle.label | Unary |
-| test.cpp:41:10:41:12 | ref | semmle.label | ref |
 | test.cpp:47:9:47:10 | (reference to) | semmle.label | (reference to) |
 | test.cpp:47:9:47:10 | StoreValue | semmle.label | StoreValue |
 | test.cpp:47:9:47:10 | Unary | semmle.label | Unary |
@@ -135,14 +35,6 @@ nodes
 | test.cpp:54:11:54:12 | mc | semmle.label | mc |
 | test.cpp:54:14:54:14 | Unary | semmle.label | Unary |
 | test.cpp:54:14:54:14 | a | semmle.label | a |
-| test.cpp:89:3:89:11 | Store | semmle.label | Store |
-| test.cpp:89:9:89:11 | & ... | semmle.label | & ... |
-| test.cpp:89:9:89:11 | StoreValue | semmle.label | StoreValue |
-| test.cpp:89:10:89:11 | Unary | semmle.label | Unary |
-| test.cpp:89:10:89:11 | mc | semmle.label | mc |
-| test.cpp:92:9:92:11 | Load | semmle.label | Load |
-| test.cpp:92:9:92:11 | StoreValue | semmle.label | StoreValue |
-| test.cpp:92:9:92:11 | ptr | semmle.label | ptr |
 | test.cpp:112:9:112:11 | StoreValue | semmle.label | StoreValue |
 | test.cpp:112:9:112:11 | Unary | semmle.label | Unary |
 | test.cpp:112:9:112:11 | arr | semmle.label | arr |
@@ -155,77 +47,9 @@ nodes
 | test.cpp:119:11:119:13 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test.cpp:119:11:119:17 | Unary | semmle.label | Unary |
 | test.cpp:119:11:119:17 | access to array | semmle.label | access to array |
-| test.cpp:134:2:134:14 | Store | semmle.label | Store |
-| test.cpp:134:8:134:10 | Left | semmle.label | Left |
-| test.cpp:134:8:134:10 | Unary | semmle.label | Unary |
-| test.cpp:134:8:134:10 | arr | semmle.label | arr |
-| test.cpp:134:8:134:10 | array to pointer conversion | semmle.label | array to pointer conversion |
-| test.cpp:134:8:134:14 | ... + ... | semmle.label | ... + ... |
-| test.cpp:134:8:134:14 | StoreValue | semmle.label | StoreValue |
-| test.cpp:135:2:135:4 | Left | semmle.label | Left |
-| test.cpp:135:2:135:4 | Load | semmle.label | Load |
-| test.cpp:135:2:135:4 | ptr | semmle.label | ptr |
-| test.cpp:135:2:135:6 | PointerAdd | semmle.label | PointerAdd |
-| test.cpp:135:2:135:6 | Store | semmle.label | Store |
-| test.cpp:135:2:135:6 | StoreValue | semmle.label | StoreValue |
-| test.cpp:137:9:137:11 | Load | semmle.label | Load |
-| test.cpp:137:9:137:11 | StoreValue | semmle.label | StoreValue |
-| test.cpp:137:9:137:11 | ptr | semmle.label | ptr |
-| test.cpp:170:26:170:41 | (void *)... | semmle.label | (void *)... |
-| test.cpp:170:26:170:41 | Store | semmle.label | Store |
-| test.cpp:170:26:170:41 | StoreValue | semmle.label | StoreValue |
-| test.cpp:170:34:170:41 | & ... | semmle.label | & ... |
-| test.cpp:170:34:170:41 | Unary | semmle.label | Unary |
-| test.cpp:170:35:170:41 | Unary | semmle.label | Unary |
-| test.cpp:170:35:170:41 | myLocal | semmle.label | myLocal |
-| test.cpp:171:10:171:23 | Load | semmle.label | Load |
-| test.cpp:171:10:171:23 | StoreValue | semmle.label | StoreValue |
-| test.cpp:171:10:171:23 | pointerToLocal | semmle.label | pointerToLocal |
-| test.cpp:176:25:176:34 | Store | semmle.label | Store |
-| test.cpp:176:25:176:34 | StoreValue | semmle.label | StoreValue |
-| test.cpp:176:25:176:34 | Unary | semmle.label | Unary |
-| test.cpp:176:25:176:34 | array to pointer conversion | semmle.label | array to pointer conversion |
-| test.cpp:176:25:176:34 | localArray | semmle.label | localArray |
-| test.cpp:177:10:177:23 | (void *)... | semmle.label | (void *)... |
-| test.cpp:177:10:177:23 | Load | semmle.label | Load |
-| test.cpp:177:10:177:23 | StoreValue | semmle.label | StoreValue |
-| test.cpp:177:10:177:23 | Unary | semmle.label | Unary |
-| test.cpp:177:10:177:23 | pointerToLocal | semmle.label | pointerToLocal |
-| test.cpp:182:21:182:27 | (reference to) | semmle.label | (reference to) |
-| test.cpp:182:21:182:27 | Store | semmle.label | Store |
-| test.cpp:182:21:182:27 | StoreValue | semmle.label | StoreValue |
-| test.cpp:182:21:182:27 | Unary | semmle.label | Unary |
-| test.cpp:182:21:182:27 | myLocal | semmle.label | myLocal |
-| test.cpp:183:10:183:19 | (reference dereference) | semmle.label | (reference dereference) |
-| test.cpp:183:10:183:19 | (reference to) | semmle.label | (reference to) |
-| test.cpp:183:10:183:19 | Load | semmle.label | Load |
-| test.cpp:183:10:183:19 | StoreValue | semmle.label | StoreValue |
-| test.cpp:183:10:183:19 | Unary | semmle.label | Unary |
-| test.cpp:183:10:183:19 | Unary | semmle.label | Unary |
-| test.cpp:183:10:183:19 | refToLocal | semmle.label | refToLocal |
-| test.cpp:189:16:189:16 | (reference to) | semmle.label | (reference to) |
-| test.cpp:189:16:189:16 | Store | semmle.label | Store |
-| test.cpp:189:16:189:16 | StoreValue | semmle.label | StoreValue |
-| test.cpp:189:16:189:16 | Unary | semmle.label | Unary |
-| test.cpp:189:16:189:16 | p | semmle.label | p |
-| test.cpp:190:10:190:13 | (reference dereference) | semmle.label | (reference dereference) |
-| test.cpp:190:10:190:13 | (reference to) | semmle.label | (reference to) |
-| test.cpp:190:10:190:13 | Load | semmle.label | Load |
-| test.cpp:190:10:190:13 | StoreValue | semmle.label | StoreValue |
-| test.cpp:190:10:190:13 | Unary | semmle.label | Unary |
-| test.cpp:190:10:190:13 | Unary | semmle.label | Unary |
-| test.cpp:190:10:190:13 | pRef | semmle.label | pRef |
 #select
 | test.cpp:17:9:17:11 | StoreValue | test.cpp:17:10:17:11 | mc | test.cpp:17:9:17:11 | StoreValue | May return stack-allocated memory from $@. | test.cpp:17:10:17:11 | mc | mc |
-| test.cpp:25:9:25:11 | StoreValue | test.cpp:23:18:23:19 | mc | test.cpp:25:9:25:11 | StoreValue | May return stack-allocated memory from $@. | test.cpp:23:18:23:19 | mc | mc |
-| test.cpp:41:9:41:12 | StoreValue | test.cpp:39:17:39:18 | mc | test.cpp:41:9:41:12 | StoreValue | May return stack-allocated memory from $@. | test.cpp:39:17:39:18 | mc | mc |
 | test.cpp:47:9:47:10 | StoreValue | test.cpp:47:9:47:10 | mc | test.cpp:47:9:47:10 | StoreValue | May return stack-allocated memory from $@. | test.cpp:47:9:47:10 | mc | mc |
 | test.cpp:54:9:54:15 | StoreValue | test.cpp:54:11:54:12 | mc | test.cpp:54:9:54:15 | StoreValue | May return stack-allocated memory from $@. | test.cpp:54:11:54:12 | mc | mc |
-| test.cpp:92:9:92:11 | StoreValue | test.cpp:89:10:89:11 | mc | test.cpp:92:9:92:11 | StoreValue | May return stack-allocated memory from $@. | test.cpp:89:10:89:11 | mc | mc |
 | test.cpp:112:9:112:11 | StoreValue | test.cpp:112:9:112:11 | arr | test.cpp:112:9:112:11 | StoreValue | May return stack-allocated memory from $@. | test.cpp:112:9:112:11 | arr | arr |
 | test.cpp:119:9:119:18 | StoreValue | test.cpp:119:11:119:13 | arr | test.cpp:119:9:119:18 | StoreValue | May return stack-allocated memory from $@. | test.cpp:119:11:119:13 | arr | arr |
-| test.cpp:137:9:137:11 | StoreValue | test.cpp:134:8:134:10 | arr | test.cpp:137:9:137:11 | StoreValue | May return stack-allocated memory from $@. | test.cpp:134:8:134:10 | arr | arr |
-| test.cpp:171:10:171:23 | StoreValue | test.cpp:170:35:170:41 | myLocal | test.cpp:171:10:171:23 | StoreValue | May return stack-allocated memory from $@. | test.cpp:170:35:170:41 | myLocal | myLocal |
-| test.cpp:177:10:177:23 | StoreValue | test.cpp:176:25:176:34 | localArray | test.cpp:177:10:177:23 | StoreValue | May return stack-allocated memory from $@. | test.cpp:176:25:176:34 | localArray | localArray |
-| test.cpp:183:10:183:19 | StoreValue | test.cpp:182:21:182:27 | myLocal | test.cpp:183:10:183:19 | StoreValue | May return stack-allocated memory from $@. | test.cpp:182:21:182:27 | myLocal | myLocal |
-| test.cpp:190:10:190:13 | StoreValue | test.cpp:189:16:189:16 | p | test.cpp:190:10:190:13 | StoreValue | May return stack-allocated memory from $@. | test.cpp:189:16:189:16 | p | p |
--- a/Bugs/Protocols/TlsSettingsMisconfiguration.expected
+++ b/Bugs/Protocols/TlsSettingsMisconfiguration.expected
@@ -1,19 +1,40 @@
+| test2.cpp:7:32:7:33 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:6:40:6:72 | sslv23 | sslv23 | test2.cpp:7:32:7:33 | call to context | no_sslv3 has not been set |
+| test2.cpp:7:32:7:33 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:6:40:6:72 | sslv23 | sslv23 | test2.cpp:7:32:7:33 | call to context | no_tlsv1 has not been set |
+| test2.cpp:7:32:7:33 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:6:40:6:72 | sslv23 | sslv23 | test2.cpp:7:32:7:33 | call to context | no_tlsv1_1 has not been set |
 | test2.cpp:15:32:15:33 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:14:40:14:72 | sslv23 | sslv23 | test2.cpp:15:32:15:33 | call to context | no_sslv3 has not been set |
+| test2.cpp:15:32:15:33 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:14:40:14:72 | sslv23 | sslv23 | test2.cpp:15:32:15:33 | call to context | no_tlsv1 has not been set |
+| test2.cpp:15:32:15:33 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:14:40:14:72 | sslv23 | sslv23 | test2.cpp:15:32:15:33 | call to context | no_tlsv1_1 has not been set |
 | test2.cpp:23:32:23:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:23:32:23:64 | sslv23 | sslv23 | test2.cpp:23:32:23:65 | call to context | no_sslv3 has not been set |
 | test2.cpp:23:32:23:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:23:32:23:64 | sslv23 | sslv23 | test2.cpp:23:32:23:65 | call to context | no_tlsv1 has not been set |
 | test2.cpp:23:32:23:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:23:32:23:64 | sslv23 | sslv23 | test2.cpp:23:32:23:65 | call to context | no_tlsv1_1 has not been set |
 | test2.cpp:31:32:31:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:31:32:31:64 | sslv23 | sslv23 | test2.cpp:31:32:31:65 | call to context | no_sslv3 has not been set |
 | test2.cpp:31:32:31:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:31:32:31:64 | sslv23 | sslv23 | test2.cpp:31:32:31:65 | call to context | no_tlsv1 has not been set |
 | test2.cpp:31:32:31:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:31:32:31:64 | sslv23 | sslv23 | test2.cpp:31:32:31:65 | call to context | no_tlsv1_1 has not been set |
+| test2.cpp:38:35:38:98 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:38:65:38:97 | sslv23 | sslv23 | test2.cpp:38:35:38:98 | call to context | no_sslv3 has not been set |
+| test2.cpp:38:35:38:98 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:38:65:38:97 | sslv23 | sslv23 | test2.cpp:38:35:38:98 | call to context | no_tlsv1 has not been set |
+| test2.cpp:38:35:38:98 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:38:65:38:97 | sslv23 | sslv23 | test2.cpp:38:35:38:98 | call to context | no_tlsv1_1 has not been set |
 | test2.cpp:45:35:45:98 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:45:65:45:97 | sslv23 | sslv23 | test2.cpp:45:35:45:98 | call to context | no_sslv3 has not been set |
+| test2.cpp:45:35:45:98 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:45:65:45:97 | sslv23 | sslv23 | test2.cpp:45:35:45:98 | call to context | no_tlsv1 has not been set |
+| test2.cpp:45:35:45:98 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:45:65:45:97 | sslv23 | sslv23 | test2.cpp:45:35:45:98 | call to context | no_tlsv1_1 has not been set |
 | test2.cpp:52:32:52:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:52:32:52:64 | sslv23 | sslv23 | test2.cpp:52:32:52:65 | call to context | no_sslv3 has not been set |
 | test2.cpp:52:32:52:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:52:32:52:64 | sslv23 | sslv23 | test2.cpp:52:32:52:65 | call to context | no_tlsv1 has not been set |
 | test2.cpp:52:32:52:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test2.cpp:52:32:52:64 | sslv23 | sslv23 | test2.cpp:52:32:52:65 | call to context | no_tlsv1_1 has not been set |
+| test3.cpp:7:32:7:62 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test3.cpp:7:32:7:61 | tls | tls | test3.cpp:7:32:7:62 | call to context | no_tlsv1 has not been set |
 | test3.cpp:7:32:7:62 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test3.cpp:7:32:7:61 | tls | tls | test3.cpp:7:32:7:62 | call to context | no_tlsv1_1 has not been set |
+| test3.cpp:15:32:15:62 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test3.cpp:15:32:15:61 | tls | tls | test3.cpp:15:32:15:62 | call to context | no_tlsv1 has not been set |
+| test3.cpp:15:32:15:62 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test3.cpp:15:32:15:61 | tls | tls | test3.cpp:15:32:15:62 | call to context | no_tlsv1_1 has not been set |
+| test.cpp:11:32:11:69 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:11:32:11:68 | tls_client | tls_client | test.cpp:11:32:11:69 | call to context | no_tlsv1 has not been set |
+| test.cpp:11:32:11:69 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:11:32:11:68 | tls_client | tls_client | test.cpp:11:32:11:69 | call to context | no_tlsv1_1 has not been set |
+| test.cpp:17:32:17:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:17:32:17:64 | sslv23 | sslv23 | test.cpp:17:32:17:65 | call to context | no_sslv3 has not been set |
+| test.cpp:17:32:17:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:17:32:17:64 | sslv23 | sslv23 | test.cpp:17:32:17:65 | call to context | no_tlsv1 has not been set |
+| test.cpp:17:32:17:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:17:32:17:64 | sslv23 | sslv23 | test.cpp:17:32:17:65 | call to context | no_tlsv1_1 has not been set |
 | test.cpp:25:32:25:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:25:32:25:64 | sslv23 | sslv23 | test.cpp:25:32:25:65 | call to context | no_sslv3 has not been set |
+| test.cpp:25:32:25:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:25:32:25:64 | sslv23 | sslv23 | test.cpp:25:32:25:65 | call to context | no_tlsv1 has not been set |
+| test.cpp:25:32:25:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:25:32:25:64 | sslv23 | sslv23 | test.cpp:25:32:25:65 | call to context | no_tlsv1_1 has not been set |
 | test.cpp:31:32:31:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:31:32:31:64 | sslv23 | sslv23 | test.cpp:31:32:31:65 | call to context | no_sslv3 has not been set |
 | test.cpp:31:32:31:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:31:32:31:64 | sslv23 | sslv23 | test.cpp:31:32:31:65 | call to context | no_tlsv1 has not been set |
 | test.cpp:31:32:31:65 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:31:32:31:64 | sslv23 | sslv23 | test.cpp:31:32:31:65 | call to context | no_tlsv1_1 has not been set |
 | test.cpp:36:32:36:62 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:36:32:36:61 | tls | tls | test.cpp:36:32:36:62 | call to context | no_tlsv1 has not been set |
 | test.cpp:36:32:36:62 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:36:32:36:61 | tls | tls | test.cpp:36:32:36:62 | call to context | no_tlsv1_1 has not been set |
-| test.cpp:41:32:41:62 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:41:32:41:61 | tls | tls | test.cpp:43:6:43:16 | call to set_options | no_tlsv1_2 was set |
+| test.cpp:41:32:41:62 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:41:32:41:61 | tls | tls | test.cpp:41:32:41:62 | call to context | no_tlsv1 has not been set |
+| test.cpp:41:32:41:62 | call to context | This usage of 'boost::asio::ssl::context::context' with protocol $@ is not configured correctly: The option $@. | test.cpp:41:32:41:61 | tls | tls | test.cpp:41:32:41:62 | call to context | no_tlsv1_1 has not been set |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-022/SAMATE/TaintedPath/TaintedPath.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-022/SAMATE/TaintedPath/TaintedPath.expected
@@ -1,22 +1,18 @@
 edges
-| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | ... + ... | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | (const char *)... |
 | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | ... + ... | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data |
 | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | ... + ... | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data |
-| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | ... + ... | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data indirection |
-| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | (const char *)... |
+| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | ... + ... | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data |
+| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data |
 | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data |
 | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data |
-| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data indirection |
 subpaths
 nodes
 | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | ... + ... | semmle.label | ... + ... |
 | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | fgets output argument | semmle.label | fgets output argument |
-| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | (const char *)... | semmle.label | (const char *)... |
-| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | (const char *)... | semmle.label | (const char *)... |
 | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data | semmle.label | data |
 | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data | semmle.label | data |
 | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data | semmle.label | data |
-| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data indirection | semmle.label | data indirection |
-| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data indirection | semmle.label | data indirection |
+| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data | semmle.label | data |
+| CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data | semmle.label | data |
 #select
 | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | ... + ... | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:77:23:77:26 | data | This argument to a file access function is derived from $@ and then passed to fopen(filename). | CWE23_Relative_Path_Traversal__char_console_fopen_11.cpp:55:27:55:38 | ... + ... | user input (fgets) |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected
@@ -1,22 +1,18 @@
 edges
-| test.c:9:23:9:26 | argv | test.c:17:11:17:18 | (const char *)... |
-| test.c:9:23:9:26 | argv | test.c:17:11:17:18 | (const char *)... |
 | test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName |
 | test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName |
 | test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName |
 | test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName |
-| test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName indirection |
-| test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName indirection |
+| test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName |
+| test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName |
 subpaths
 nodes
 | test.c:9:23:9:26 | argv | semmle.label | argv |
 | test.c:9:23:9:26 | argv | semmle.label | argv |
-| test.c:17:11:17:18 | (const char *)... | semmle.label | (const char *)... |
-| test.c:17:11:17:18 | (const char *)... | semmle.label | (const char *)... |
 | test.c:17:11:17:18 | fileName | semmle.label | fileName |
 | test.c:17:11:17:18 | fileName | semmle.label | fileName |
 | test.c:17:11:17:18 | fileName | semmle.label | fileName |
-| test.c:17:11:17:18 | fileName indirection | semmle.label | fileName indirection |
-| test.c:17:11:17:18 | fileName indirection | semmle.label | fileName indirection |
+| test.c:17:11:17:18 | fileName | semmle.label | fileName |
+| test.c:17:11:17:18 | fileName | semmle.label | fileName |
 #select
 | test.c:17:11:17:18 | fileName | test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:9:23:9:26 | argv | user input (argv) |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-078/SAMATE/ExecTainted/ExecTainted.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-078/SAMATE/ExecTainted/ExecTainted.expected
@@ -1,16 +1,4 @@
 edges
-| tests.cpp:26:15:26:23 | ReturnValue | tests.cpp:51:12:51:20 | call to badSource |
-| tests.cpp:33:34:33:39 | call to getenv | tests.cpp:38:39:38:49 | environment indirection |
-| tests.cpp:38:25:38:36 | strncat output argument | tests.cpp:26:15:26:23 | ReturnValue |
-| tests.cpp:38:39:38:49 | environment indirection | tests.cpp:38:25:38:36 | strncat output argument |
-| tests.cpp:51:12:51:20 | call to badSource | tests.cpp:53:16:53:19 | data indirection |
 nodes
-| tests.cpp:26:15:26:23 | ReturnValue | semmle.label | ReturnValue |
-| tests.cpp:33:34:33:39 | call to getenv | semmle.label | call to getenv |
-| tests.cpp:38:25:38:36 | strncat output argument | semmle.label | strncat output argument |
-| tests.cpp:38:39:38:49 | environment indirection | semmle.label | environment indirection |
-| tests.cpp:51:12:51:20 | call to badSource | semmle.label | call to badSource |
-| tests.cpp:53:16:53:19 | data indirection | semmle.label | data indirection |
 subpaths
 #select
-| tests.cpp:53:16:53:19 | data | tests.cpp:33:34:33:39 | call to getenv | tests.cpp:53:16:53:19 | data indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | tests.cpp:33:34:33:39 | call to getenv | user input (an environment variable) | tests.cpp:38:25:38:36 | strncat output argument | strncat output argument |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected
@@ -1,179 +1,4 @@
 edges
-| test.cpp:16:20:16:23 | argv | test.cpp:22:45:22:52 | userName indirection |
-| test.cpp:22:13:22:20 | sprintf output argument | test.cpp:23:12:23:19 | command1 indirection |
-| test.cpp:22:45:22:52 | userName indirection | test.cpp:22:13:22:20 | sprintf output argument |
-| test.cpp:47:21:47:26 | call to getenv | test.cpp:50:35:50:43 | envCflags indirection |
-| test.cpp:50:11:50:17 | sprintf output argument | test.cpp:51:10:51:16 | command indirection |
-| test.cpp:50:35:50:43 | envCflags indirection | test.cpp:50:11:50:17 | sprintf output argument |
-| test.cpp:62:9:62:16 | fread output argument | test.cpp:64:20:64:27 | filename indirection |
-| test.cpp:64:11:64:17 | strncat output argument | test.cpp:65:10:65:16 | command indirection |
-| test.cpp:64:20:64:27 | filename indirection | test.cpp:64:11:64:17 | strncat output argument |
-| test.cpp:82:9:82:16 | fread output argument | test.cpp:84:20:84:27 | filename indirection |
-| test.cpp:84:11:84:17 | strncat output argument | test.cpp:85:32:85:38 | command indirection |
-| test.cpp:84:20:84:27 | filename indirection | test.cpp:84:11:84:17 | strncat output argument |
-| test.cpp:91:9:91:16 | fread output argument | test.cpp:93:17:93:24 | filename indirection |
-| test.cpp:93:11:93:14 | strncat output argument | test.cpp:94:45:94:48 | path indirection |
-| test.cpp:93:17:93:24 | filename indirection | test.cpp:93:11:93:14 | strncat output argument |
-| test.cpp:106:20:106:25 | call to getenv | test.cpp:107:33:107:36 | path indirection |
-| test.cpp:107:31:107:31 | call to operator+ | test.cpp:108:18:108:22 | call to c_str indirection |
-| test.cpp:107:33:107:36 | path indirection | test.cpp:107:31:107:31 | call to operator+ |
-| test.cpp:113:20:113:25 | call to getenv | test.cpp:114:19:114:22 | path indirection |
-| test.cpp:114:17:114:17 | Call | test.cpp:114:25:114:29 | call to c_str indirection |
-| test.cpp:114:19:114:22 | path indirection | test.cpp:114:17:114:17 | Call |
-| test.cpp:119:20:119:25 | call to getenv | test.cpp:120:19:120:22 | path indirection |
-| test.cpp:120:17:120:17 | Call | test.cpp:120:10:120:30 | call to data indirection |
-| test.cpp:120:19:120:22 | path indirection | test.cpp:120:17:120:17 | Call |
-| test.cpp:140:9:140:11 | fread output argument | test.cpp:142:31:142:33 | str indirection |
-| test.cpp:142:11:142:17 | sprintf output argument | test.cpp:143:10:143:16 | command indirection |
-| test.cpp:142:31:142:33 | str indirection | test.cpp:142:11:142:17 | sprintf output argument |
-| test.cpp:174:9:174:16 | fread output argument | test.cpp:177:20:177:27 | filename indirection |
-| test.cpp:174:9:174:16 | fread output argument | test.cpp:178:22:178:26 | flags indirection |
-| test.cpp:174:9:174:16 | fread output argument | test.cpp:180:22:180:29 | filename indirection |
-| test.cpp:177:13:177:17 | strncat output argument | test.cpp:183:32:183:38 | command indirection |
-| test.cpp:177:20:177:27 | filename indirection | test.cpp:177:13:177:17 | strncat output argument |
-| test.cpp:178:13:178:19 | strncat output argument | test.cpp:183:32:183:38 | command indirection |
-| test.cpp:178:22:178:26 | flags indirection | test.cpp:178:13:178:19 | strncat output argument |
-| test.cpp:180:13:180:19 | strncat output argument | test.cpp:183:32:183:38 | command indirection |
-| test.cpp:180:22:180:29 | filename indirection | test.cpp:180:13:180:19 | strncat output argument |
-| test.cpp:186:47:186:54 | *filename | test.cpp:187:18:187:25 | filename indirection |
-| test.cpp:186:47:186:54 | *filename | test.cpp:188:20:188:24 | flags indirection |
-| test.cpp:186:47:186:54 | filename | test.cpp:187:18:187:25 | filename indirection |
-| test.cpp:186:47:186:54 | filename | test.cpp:188:20:188:24 | flags indirection |
-| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:11:188:17 | command [post update] |
-| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:11:188:17 | command [post update] |
-| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:11:188:17 | command [post update] |
-| test.cpp:187:11:187:15 | strncat output argument | test.cpp:188:11:188:17 | command [post update] |
-| test.cpp:187:18:187:25 | filename indirection | test.cpp:187:11:187:15 | strncat output argument |
-| test.cpp:187:18:187:25 | filename indirection | test.cpp:187:11:187:15 | strncat output argument |
-| test.cpp:188:11:188:17 | command [post update] | test.cpp:188:11:188:17 | command [post update] |
-| test.cpp:188:11:188:17 | command [post update] | test.cpp:188:11:188:17 | command [post update] |
-| test.cpp:188:11:188:17 | command [post update] | test.cpp:188:11:188:17 | command [post update] |
-| test.cpp:188:11:188:17 | command [post update] | test.cpp:188:11:188:17 | command [post update] |
-| test.cpp:188:11:188:17 | strncat output argument | test.cpp:188:11:188:17 | command [post update] |
-| test.cpp:188:11:188:17 | strncat output argument | test.cpp:188:11:188:17 | command [post update] |
-| test.cpp:188:11:188:17 | strncat output argument | test.cpp:188:11:188:17 | command [post update] |
-| test.cpp:188:11:188:17 | strncat output argument | test.cpp:188:11:188:17 | command [post update] |
-| test.cpp:188:20:188:24 | flags indirection | test.cpp:188:11:188:17 | strncat output argument |
-| test.cpp:188:20:188:24 | flags indirection | test.cpp:188:11:188:17 | strncat output argument |
-| test.cpp:194:9:194:16 | fread output argument | test.cpp:196:26:196:33 | filename |
-| test.cpp:194:9:194:16 | fread output argument | test.cpp:196:26:196:33 | filename indirection |
-| test.cpp:196:10:196:16 | command [post update] | test.cpp:198:32:198:38 | command indirection |
-| test.cpp:196:10:196:16 | command [post update] | test.cpp:198:32:198:38 | command indirection |
-| test.cpp:196:26:196:33 | filename | test.cpp:186:47:186:54 | filename |
-| test.cpp:196:26:196:33 | filename | test.cpp:196:10:196:16 | command [post update] |
-| test.cpp:196:26:196:33 | filename | test.cpp:196:10:196:16 | command [post update] |
-| test.cpp:196:26:196:33 | filename indirection | test.cpp:186:47:186:54 | *filename |
-| test.cpp:196:26:196:33 | filename indirection | test.cpp:196:10:196:16 | command [post update] |
-| test.cpp:196:26:196:33 | filename indirection | test.cpp:196:10:196:16 | command [post update] |
-| test.cpp:218:9:218:16 | fread output argument | test.cpp:220:19:220:26 | filename indirection |
-| test.cpp:218:9:218:16 | fread output argument | test.cpp:220:19:220:26 | filename indirection |
-| test.cpp:220:10:220:16 | strncat output argument | test.cpp:222:32:222:38 | command indirection |
-| test.cpp:220:10:220:16 | strncat output argument | test.cpp:222:32:222:38 | command indirection |
-| test.cpp:220:19:220:26 | filename indirection | test.cpp:220:10:220:16 | strncat output argument |
-| test.cpp:220:19:220:26 | filename indirection | test.cpp:220:10:220:16 | strncat output argument |
-| test.cpp:220:19:220:26 | filename indirection | test.cpp:220:10:220:16 | strncat output argument |
-| test.cpp:220:19:220:26 | filename indirection | test.cpp:220:10:220:16 | strncat output argument |
 nodes
-| test.cpp:16:20:16:23 | argv | semmle.label | argv |
-| test.cpp:22:13:22:20 | sprintf output argument | semmle.label | sprintf output argument |
-| test.cpp:22:45:22:52 | userName indirection | semmle.label | userName indirection |
-| test.cpp:23:12:23:19 | command1 indirection | semmle.label | command1 indirection |
-| test.cpp:47:21:47:26 | call to getenv | semmle.label | call to getenv |
-| test.cpp:50:11:50:17 | sprintf output argument | semmle.label | sprintf output argument |
-| test.cpp:50:35:50:43 | envCflags indirection | semmle.label | envCflags indirection |
-| test.cpp:51:10:51:16 | command indirection | semmle.label | command indirection |
-| test.cpp:62:9:62:16 | fread output argument | semmle.label | fread output argument |
-| test.cpp:64:11:64:17 | strncat output argument | semmle.label | strncat output argument |
-| test.cpp:64:20:64:27 | filename indirection | semmle.label | filename indirection |
-| test.cpp:65:10:65:16 | command indirection | semmle.label | command indirection |
-| test.cpp:82:9:82:16 | fread output argument | semmle.label | fread output argument |
-| test.cpp:84:11:84:17 | strncat output argument | semmle.label | strncat output argument |
-| test.cpp:84:20:84:27 | filename indirection | semmle.label | filename indirection |
-| test.cpp:85:32:85:38 | command indirection | semmle.label | command indirection |
-| test.cpp:91:9:91:16 | fread output argument | semmle.label | fread output argument |
-| test.cpp:93:11:93:14 | strncat output argument | semmle.label | strncat output argument |
-| test.cpp:93:17:93:24 | filename indirection | semmle.label | filename indirection |
-| test.cpp:94:45:94:48 | path indirection | semmle.label | path indirection |
-| test.cpp:106:20:106:25 | call to getenv | semmle.label | call to getenv |
-| test.cpp:107:31:107:31 | call to operator+ | semmle.label | call to operator+ |
-| test.cpp:107:33:107:36 | path indirection | semmle.label | path indirection |
-| test.cpp:108:18:108:22 | call to c_str indirection | semmle.label | call to c_str indirection |
-| test.cpp:113:20:113:25 | call to getenv | semmle.label | call to getenv |
-| test.cpp:114:17:114:17 | Call | semmle.label | Call |
-| test.cpp:114:19:114:22 | path indirection | semmle.label | path indirection |
-| test.cpp:114:25:114:29 | call to c_str indirection | semmle.label | call to c_str indirection |
-| test.cpp:119:20:119:25 | call to getenv | semmle.label | call to getenv |
-| test.cpp:120:10:120:30 | call to data indirection | semmle.label | call to data indirection |
-| test.cpp:120:17:120:17 | Call | semmle.label | Call |
-| test.cpp:120:19:120:22 | path indirection | semmle.label | path indirection |
-| test.cpp:140:9:140:11 | fread output argument | semmle.label | fread output argument |
-| test.cpp:142:11:142:17 | sprintf output argument | semmle.label | sprintf output argument |
-| test.cpp:142:31:142:33 | str indirection | semmle.label | str indirection |
-| test.cpp:143:10:143:16 | command indirection | semmle.label | command indirection |
-| test.cpp:174:9:174:16 | fread output argument | semmle.label | fread output argument |
-| test.cpp:177:13:177:17 | strncat output argument | semmle.label | strncat output argument |
-| test.cpp:177:20:177:27 | filename indirection | semmle.label | filename indirection |
-| test.cpp:178:13:178:19 | strncat output argument | semmle.label | strncat output argument |
-| test.cpp:178:22:178:26 | flags indirection | semmle.label | flags indirection |
-| test.cpp:180:13:180:19 | strncat output argument | semmle.label | strncat output argument |
-| test.cpp:180:22:180:29 | filename indirection | semmle.label | filename indirection |
-| test.cpp:183:32:183:38 | command indirection | semmle.label | command indirection |
-| test.cpp:183:32:183:38 | command indirection | semmle.label | command indirection |
-| test.cpp:183:32:183:38 | command indirection | semmle.label | command indirection |
-| test.cpp:186:47:186:54 | *filename | semmle.label | *filename |
-| test.cpp:186:47:186:54 | filename | semmle.label | filename |
-| test.cpp:187:11:187:15 | strncat output argument | semmle.label | strncat output argument |
-| test.cpp:187:11:187:15 | strncat output argument | semmle.label | strncat output argument |
-| test.cpp:187:18:187:25 | filename indirection | semmle.label | filename indirection |
-| test.cpp:187:18:187:25 | filename indirection | semmle.label | filename indirection |
-| test.cpp:188:11:188:17 | command [post update] | semmle.label | command [post update] |
-| test.cpp:188:11:188:17 | command [post update] | semmle.label | command [post update] |
-| test.cpp:188:11:188:17 | command [post update] | semmle.label | command [post update] |
-| test.cpp:188:11:188:17 | command [post update] | semmle.label | command [post update] |
-| test.cpp:188:11:188:17 | command [post update] | semmle.label | command [post update] |
-| test.cpp:188:11:188:17 | command [post update] | semmle.label | command [post update] |
-| test.cpp:188:11:188:17 | command [post update] | semmle.label | command [post update] |
-| test.cpp:188:11:188:17 | command [post update] | semmle.label | command [post update] |
-| test.cpp:188:11:188:17 | strncat output argument | semmle.label | strncat output argument |
-| test.cpp:188:11:188:17 | strncat output argument | semmle.label | strncat output argument |
-| test.cpp:188:20:188:24 | flags indirection | semmle.label | flags indirection |
-| test.cpp:188:20:188:24 | flags indirection | semmle.label | flags indirection |
-| test.cpp:194:9:194:16 | fread output argument | semmle.label | fread output argument |
-| test.cpp:196:10:196:16 | command [post update] | semmle.label | command [post update] |
-| test.cpp:196:10:196:16 | command [post update] | semmle.label | command [post update] |
-| test.cpp:196:26:196:33 | filename | semmle.label | filename |
-| test.cpp:196:26:196:33 | filename indirection | semmle.label | filename indirection |
-| test.cpp:198:32:198:38 | command indirection | semmle.label | command indirection |
-| test.cpp:198:32:198:38 | command indirection | semmle.label | command indirection |
-| test.cpp:218:9:218:16 | fread output argument | semmle.label | fread output argument |
-| test.cpp:220:10:220:16 | strncat output argument | semmle.label | strncat output argument |
-| test.cpp:220:10:220:16 | strncat output argument | semmle.label | strncat output argument |
-| test.cpp:220:19:220:26 | filename indirection | semmle.label | filename indirection |
-| test.cpp:220:19:220:26 | filename indirection | semmle.label | filename indirection |
-| test.cpp:222:32:222:38 | command indirection | semmle.label | command indirection |
 subpaths
-| test.cpp:196:26:196:33 | filename | test.cpp:186:47:186:54 | filename | test.cpp:188:11:188:17 | command [post update] | test.cpp:196:10:196:16 | command [post update] |
-| test.cpp:196:26:196:33 | filename | test.cpp:186:47:186:54 | filename | test.cpp:188:11:188:17 | command [post update] | test.cpp:196:10:196:16 | command [post update] |
-| test.cpp:196:26:196:33 | filename | test.cpp:186:47:186:54 | filename | test.cpp:188:11:188:17 | command [post update] | test.cpp:196:10:196:16 | command [post update] |
-| test.cpp:196:26:196:33 | filename | test.cpp:186:47:186:54 | filename | test.cpp:188:11:188:17 | command [post update] | test.cpp:196:10:196:16 | command [post update] |
-| test.cpp:196:26:196:33 | filename indirection | test.cpp:186:47:186:54 | *filename | test.cpp:188:11:188:17 | command [post update] | test.cpp:196:10:196:16 | command [post update] |
-| test.cpp:196:26:196:33 | filename indirection | test.cpp:186:47:186:54 | *filename | test.cpp:188:11:188:17 | command [post update] | test.cpp:196:10:196:16 | command [post update] |
-| test.cpp:196:26:196:33 | filename indirection | test.cpp:186:47:186:54 | *filename | test.cpp:188:11:188:17 | command [post update] | test.cpp:196:10:196:16 | command [post update] |
-| test.cpp:196:26:196:33 | filename indirection | test.cpp:186:47:186:54 | *filename | test.cpp:188:11:188:17 | command [post update] | test.cpp:196:10:196:16 | command [post update] |
 #select
-| test.cpp:23:12:23:19 | command1 | test.cpp:16:20:16:23 | argv | test.cpp:23:12:23:19 | command1 indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:16:20:16:23 | argv | user input (a command-line argument) | test.cpp:22:13:22:20 | sprintf output argument | sprintf output argument |
-| test.cpp:51:10:51:16 | command | test.cpp:47:21:47:26 | call to getenv | test.cpp:51:10:51:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:47:21:47:26 | call to getenv | user input (an environment variable) | test.cpp:50:11:50:17 | sprintf output argument | sprintf output argument |
-| test.cpp:65:10:65:16 | command | test.cpp:62:9:62:16 | fread output argument | test.cpp:65:10:65:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:62:9:62:16 | fread output argument | user input (String read by fread) | test.cpp:64:11:64:17 | strncat output argument | strncat output argument |
-| test.cpp:85:32:85:38 | command | test.cpp:82:9:82:16 | fread output argument | test.cpp:85:32:85:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:82:9:82:16 | fread output argument | user input (String read by fread) | test.cpp:84:11:84:17 | strncat output argument | strncat output argument |
-| test.cpp:94:45:94:48 | path | test.cpp:91:9:91:16 | fread output argument | test.cpp:94:45:94:48 | path indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:91:9:91:16 | fread output argument | user input (String read by fread) | test.cpp:93:11:93:14 | strncat output argument | strncat output argument |
-| test.cpp:108:18:108:22 | call to c_str | test.cpp:106:20:106:25 | call to getenv | test.cpp:108:18:108:22 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:106:20:106:25 | call to getenv | user input (an environment variable) | test.cpp:107:31:107:31 | call to operator+ | call to operator+ |
-| test.cpp:114:25:114:29 | call to c_str | test.cpp:113:20:113:25 | call to getenv | test.cpp:114:25:114:29 | call to c_str indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:113:20:113:25 | call to getenv | user input (an environment variable) | test.cpp:114:17:114:17 | Call | Call |
-| test.cpp:120:25:120:28 | call to data | test.cpp:119:20:119:25 | call to getenv | test.cpp:120:10:120:30 | call to data indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:119:20:119:25 | call to getenv | user input (an environment variable) | test.cpp:120:17:120:17 | Call | Call |
-| test.cpp:143:10:143:16 | command | test.cpp:140:9:140:11 | fread output argument | test.cpp:143:10:143:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:140:9:140:11 | fread output argument | user input (String read by fread) | test.cpp:142:11:142:17 | sprintf output argument | sprintf output argument |
-| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (String read by fread) | test.cpp:177:13:177:17 | strncat output argument | strncat output argument |
-| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (String read by fread) | test.cpp:178:13:178:19 | strncat output argument | strncat output argument |
-| test.cpp:183:32:183:38 | command | test.cpp:174:9:174:16 | fread output argument | test.cpp:183:32:183:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:174:9:174:16 | fread output argument | user input (String read by fread) | test.cpp:180:13:180:19 | strncat output argument | strncat output argument |
-| test.cpp:198:32:198:38 | command | test.cpp:194:9:194:16 | fread output argument | test.cpp:198:32:198:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:194:9:194:16 | fread output argument | user input (String read by fread) | test.cpp:187:11:187:15 | strncat output argument | strncat output argument |
-| test.cpp:198:32:198:38 | command | test.cpp:194:9:194:16 | fread output argument | test.cpp:198:32:198:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:194:9:194:16 | fread output argument | user input (String read by fread) | test.cpp:188:11:188:17 | strncat output argument | strncat output argument |
-| test.cpp:222:32:222:38 | command | test.cpp:218:9:218:16 | fread output argument | test.cpp:222:32:222:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:218:9:218:16 | fread output argument | user input (String read by fread) | test.cpp:220:10:220:16 | strncat output argument | strncat output argument |
-| test.cpp:222:32:222:38 | command | test.cpp:218:9:218:16 | fread output argument | test.cpp:222:32:222:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:218:9:218:16 | fread output argument | user input (String read by fread) | test.cpp:220:10:220:16 | strncat output argument | strncat output argument |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-079/semmle/CgiXss/CgiXss.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-079/semmle/CgiXss/CgiXss.expected
@@ -1,53 +1,31 @@
 edges
-| search.c:14:24:14:28 | *query | search.c:17:8:17:12 | (const char *)... |
-| search.c:14:24:14:28 | *query | search.c:17:8:17:12 | query |
-| search.c:14:24:14:28 | *query | search.c:17:8:17:12 | query indirection |
-| search.c:14:24:14:28 | query | search.c:17:8:17:12 | (const char *)... |
 | search.c:14:24:14:28 | query | search.c:17:8:17:12 | query |
 | search.c:14:24:14:28 | query | search.c:17:8:17:12 | query |
-| search.c:14:24:14:28 | query | search.c:17:8:17:12 | query indirection |
-| search.c:22:24:22:28 | *query | search.c:23:39:23:43 | query |
-| search.c:22:24:22:28 | *query | search.c:23:39:23:43 | query |
-| search.c:22:24:22:28 | *query | search.c:23:39:23:43 | query indirection |
+| search.c:14:24:14:28 | query | search.c:17:8:17:12 | query |
 | search.c:22:24:22:28 | query | search.c:23:39:23:43 | query |
 | search.c:22:24:22:28 | query | search.c:23:39:23:43 | query |
-| search.c:22:24:22:28 | query | search.c:23:39:23:43 | query indirection |
 | search.c:51:21:51:26 | call to getenv | search.c:55:17:55:25 | raw_query |
 | search.c:51:21:51:26 | call to getenv | search.c:55:17:55:25 | raw_query |
-| search.c:51:21:51:26 | call to getenv | search.c:55:17:55:25 | raw_query indirection |
-| search.c:51:21:51:26 | call to getenv | search.c:55:17:55:25 | raw_query indirection |
 | search.c:51:21:51:26 | call to getenv | search.c:57:17:57:25 | raw_query |
 | search.c:51:21:51:26 | call to getenv | search.c:57:17:57:25 | raw_query |
-| search.c:51:21:51:26 | call to getenv | search.c:57:17:57:25 | raw_query indirection |
-| search.c:51:21:51:26 | call to getenv | search.c:57:17:57:25 | raw_query indirection |
 | search.c:55:17:55:25 | raw_query | search.c:14:24:14:28 | query |
-| search.c:55:17:55:25 | raw_query indirection | search.c:14:24:14:28 | *query |
 | search.c:57:17:57:25 | raw_query | search.c:22:24:22:28 | query |
-| search.c:57:17:57:25 | raw_query indirection | search.c:22:24:22:28 | *query |
 subpaths
 nodes
-| search.c:14:24:14:28 | *query | semmle.label | *query |
 | search.c:14:24:14:28 | query | semmle.label | query |
-| search.c:17:8:17:12 | (const char *)... | semmle.label | (const char *)... |
-| search.c:17:8:17:12 | (const char *)... | semmle.label | (const char *)... |
 | search.c:17:8:17:12 | query | semmle.label | query |
 | search.c:17:8:17:12 | query | semmle.label | query |
 | search.c:17:8:17:12 | query | semmle.label | query |
-| search.c:17:8:17:12 | query indirection | semmle.label | query indirection |
-| search.c:17:8:17:12 | query indirection | semmle.label | query indirection |
-| search.c:22:24:22:28 | *query | semmle.label | *query |
+| search.c:17:8:17:12 | query | semmle.label | query |
+| search.c:17:8:17:12 | query | semmle.label | query |
 | search.c:22:24:22:28 | query | semmle.label | query |
 | search.c:23:39:23:43 | query | semmle.label | query |
 | search.c:23:39:23:43 | query | semmle.label | query |
 | search.c:23:39:23:43 | query | semmle.label | query |
-| search.c:23:39:23:43 | query indirection | semmle.label | query indirection |
-| search.c:23:39:23:43 | query indirection | semmle.label | query indirection |
 | search.c:51:21:51:26 | call to getenv | semmle.label | call to getenv |
 | search.c:51:21:51:26 | call to getenv | semmle.label | call to getenv |
 | search.c:55:17:55:25 | raw_query | semmle.label | raw_query |
-| search.c:55:17:55:25 | raw_query indirection | semmle.label | raw_query indirection |
 | search.c:57:17:57:25 | raw_query | semmle.label | raw_query |
-| search.c:57:17:57:25 | raw_query indirection | semmle.label | raw_query indirection |
 #select
 | search.c:17:8:17:12 | query | search.c:51:21:51:26 | call to getenv | search.c:17:8:17:12 | query | Cross-site scripting vulnerability due to $@. | search.c:51:21:51:26 | call to getenv | this query data |
 | search.c:23:39:23:43 | query | search.c:51:21:51:26 | call to getenv | search.c:23:39:23:43 | query | Cross-site scripting vulnerability due to $@. | search.c:51:21:51:26 | call to getenv | this query data |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-089/SqlTainted/SqlTainted.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-089/SqlTainted/SqlTainted.expected
@@ -1,36 +1,32 @@
 edges
-| test.c:15:20:15:23 | argv | test.c:21:18:21:23 | (const char *)... |
-| test.c:15:20:15:23 | argv | test.c:21:18:21:23 | (const char *)... |
+| test.c:15:20:15:23 | argv | test.c:21:18:21:23 | array to pointer conversion |
+| test.c:15:20:15:23 | argv | test.c:21:18:21:23 | array to pointer conversion |
+| test.c:15:20:15:23 | argv | test.c:21:18:21:23 | query1 |
+| test.c:15:20:15:23 | argv | test.c:21:18:21:23 | query1 |
 | test.c:15:20:15:23 | argv | test.c:21:18:21:23 | query1 |
 | test.c:15:20:15:23 | argv | test.c:21:18:21:23 | query1 |
-| test.c:15:20:15:23 | argv | test.c:21:18:21:23 | query1 indirection |
-| test.c:15:20:15:23 | argv | test.c:21:18:21:23 | query1 indirection |
-| test.cpp:43:27:43:30 | argv | test.cpp:43:27:43:33 | (const char *)... |
-| test.cpp:43:27:43:30 | argv | test.cpp:43:27:43:33 | (const char *)... |
 | test.cpp:43:27:43:30 | argv | test.cpp:43:27:43:33 | access to array |
 | test.cpp:43:27:43:30 | argv | test.cpp:43:27:43:33 | access to array |
 | test.cpp:43:27:43:30 | argv | test.cpp:43:27:43:33 | access to array |
 | test.cpp:43:27:43:30 | argv | test.cpp:43:27:43:33 | access to array |
-| test.cpp:43:27:43:30 | argv | test.cpp:43:27:43:33 | access to array indirection |
-| test.cpp:43:27:43:30 | argv | test.cpp:43:27:43:33 | access to array indirection |
+| test.cpp:43:27:43:30 | argv | test.cpp:43:27:43:33 | access to array |
+| test.cpp:43:27:43:30 | argv | test.cpp:43:27:43:33 | access to array |
 subpaths
 nodes
 | test.c:15:20:15:23 | argv | semmle.label | argv |
 | test.c:15:20:15:23 | argv | semmle.label | argv |
-| test.c:21:18:21:23 | (const char *)... | semmle.label | (const char *)... |
-| test.c:21:18:21:23 | (const char *)... | semmle.label | (const char *)... |
+| test.c:21:18:21:23 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.c:21:18:21:23 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.c:21:18:21:23 | query1 | semmle.label | query1 |
+| test.c:21:18:21:23 | query1 | semmle.label | query1 |
 | test.c:21:18:21:23 | query1 | semmle.label | query1 |
-| test.c:21:18:21:23 | query1 indirection | semmle.label | query1 indirection |
-| test.c:21:18:21:23 | query1 indirection | semmle.label | query1 indirection |
 | test.cpp:43:27:43:30 | argv | semmle.label | argv |
 | test.cpp:43:27:43:30 | argv | semmle.label | argv |
-| test.cpp:43:27:43:33 | (const char *)... | semmle.label | (const char *)... |
-| test.cpp:43:27:43:33 | (const char *)... | semmle.label | (const char *)... |
 | test.cpp:43:27:43:33 | access to array | semmle.label | access to array |
 | test.cpp:43:27:43:33 | access to array | semmle.label | access to array |
 | test.cpp:43:27:43:33 | access to array | semmle.label | access to array |
-| test.cpp:43:27:43:33 | access to array indirection | semmle.label | access to array indirection |
-| test.cpp:43:27:43:33 | access to array indirection | semmle.label | access to array indirection |
+| test.cpp:43:27:43:33 | access to array | semmle.label | access to array |
+| test.cpp:43:27:43:33 | access to array | semmle.label | access to array |
 #select
 | test.c:21:18:21:23 | query1 | test.c:15:20:15:23 | argv | test.c:21:18:21:23 | query1 | This argument to a SQL query function is derived from $@ and then passed to mysql_query(sqlArg). | test.c:15:20:15:23 | argv | user input (argv) |
 | test.cpp:43:27:43:33 | access to array | test.cpp:43:27:43:30 | argv | test.cpp:43:27:43:33 | access to array | This argument to a SQL query function is derived from $@ and then passed to pqxx::work::exec1((unnamed parameter 0)). | test.cpp:43:27:43:30 | argv | user input (argv) |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-114/SAMATE/UncontrolledProcessOperation/UncontrolledProcessOperation.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-114/SAMATE/UncontrolledProcessOperation/UncontrolledProcessOperation.expected
@@ -1,28 +1,25 @@
 edges
-| test.cpp:37:73:37:76 | *data | test.cpp:43:32:43:35 | (LPCSTR)... |
-| test.cpp:37:73:37:76 | *data | test.cpp:43:32:43:35 | data |
-| test.cpp:37:73:37:76 | *data | test.cpp:43:32:43:35 | data indirection |
-| test.cpp:37:73:37:76 | data | test.cpp:43:32:43:35 | (LPCSTR)... |
 | test.cpp:37:73:37:76 | data | test.cpp:43:32:43:35 | data |
 | test.cpp:37:73:37:76 | data | test.cpp:43:32:43:35 | data |
-| test.cpp:37:73:37:76 | data | test.cpp:43:32:43:35 | data indirection |
+| test.cpp:37:73:37:76 | data | test.cpp:43:32:43:35 | data |
+| test.cpp:37:73:37:76 | data indirection | test.cpp:43:32:43:35 | data |
+| test.cpp:37:73:37:76 | data indirection | test.cpp:43:32:43:35 | data |
+| test.cpp:37:73:37:76 | data indirection | test.cpp:43:32:43:35 | data |
 | test.cpp:64:30:64:35 | call to getenv | test.cpp:73:24:73:27 | data |
 | test.cpp:64:30:64:35 | call to getenv | test.cpp:73:24:73:27 | data |
 | test.cpp:64:30:64:35 | call to getenv | test.cpp:73:24:73:27 | data indirection |
 | test.cpp:64:30:64:35 | call to getenv | test.cpp:73:24:73:27 | data indirection |
 | test.cpp:73:24:73:27 | data | test.cpp:37:73:37:76 | data |
-| test.cpp:73:24:73:27 | data indirection | test.cpp:37:73:37:76 | *data |
+| test.cpp:73:24:73:27 | data indirection | test.cpp:37:73:37:76 | data indirection |
 subpaths
 nodes
-| test.cpp:37:73:37:76 | *data | semmle.label | *data |
 | test.cpp:37:73:37:76 | data | semmle.label | data |
-| test.cpp:43:32:43:35 | (LPCSTR)... | semmle.label | (LPCSTR)... |
-| test.cpp:43:32:43:35 | (LPCSTR)... | semmle.label | (LPCSTR)... |
+| test.cpp:37:73:37:76 | data indirection | semmle.label | data indirection |
+| test.cpp:43:32:43:35 | data | semmle.label | data |
+| test.cpp:43:32:43:35 | data | semmle.label | data |
 | test.cpp:43:32:43:35 | data | semmle.label | data |
 | test.cpp:43:32:43:35 | data | semmle.label | data |
 | test.cpp:43:32:43:35 | data | semmle.label | data |
-| test.cpp:43:32:43:35 | data indirection | semmle.label | data indirection |
-| test.cpp:43:32:43:35 | data indirection | semmle.label | data indirection |
 | test.cpp:64:30:64:35 | call to getenv | semmle.label | call to getenv |
 | test.cpp:64:30:64:35 | call to getenv | semmle.label | call to getenv |
 | test.cpp:73:24:73:27 | data | semmle.label | data |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-114/semmle/UncontrolledProcessOperation/UncontrolledProcessOperation.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-114/semmle/UncontrolledProcessOperation/UncontrolledProcessOperation.expected
@@ -1,153 +1,141 @@
 edges
-| test.cpp:24:30:24:36 | *command | test.cpp:26:10:26:16 | command |
-| test.cpp:24:30:24:36 | *command | test.cpp:26:10:26:16 | command |
-| test.cpp:24:30:24:36 | *command | test.cpp:26:10:26:16 | command indirection |
 | test.cpp:24:30:24:36 | command | test.cpp:26:10:26:16 | command |
 | test.cpp:24:30:24:36 | command | test.cpp:26:10:26:16 | command |
-| test.cpp:24:30:24:36 | command | test.cpp:26:10:26:16 | command indirection |
-| test.cpp:29:30:29:36 | *command | test.cpp:31:10:31:16 | command |
-| test.cpp:29:30:29:36 | *command | test.cpp:31:10:31:16 | command |
-| test.cpp:29:30:29:36 | *command | test.cpp:31:10:31:16 | command indirection |
 | test.cpp:29:30:29:36 | command | test.cpp:31:10:31:16 | command |
 | test.cpp:29:30:29:36 | command | test.cpp:31:10:31:16 | command |
-| test.cpp:29:30:29:36 | command | test.cpp:31:10:31:16 | command indirection |
-| test.cpp:42:18:42:23 | call to getenv | test.cpp:42:18:42:34 | call to getenv |
-| test.cpp:42:18:42:23 | call to getenv | test.cpp:42:18:42:34 | call to getenv indirection |
-| test.cpp:42:18:42:34 | (const char *)... | test.cpp:42:18:42:34 | call to getenv |
-| test.cpp:42:18:42:34 | (const char *)... | test.cpp:42:18:42:34 | call to getenv indirection |
+| test.cpp:42:18:42:23 | call to getenv | test.cpp:24:30:24:36 | command |
 | test.cpp:42:18:42:34 | call to getenv | test.cpp:24:30:24:36 | command |
-| test.cpp:42:18:42:34 | call to getenv indirection | test.cpp:24:30:24:36 | *command |
-| test.cpp:43:18:43:23 | call to getenv | test.cpp:43:18:43:34 | call to getenv |
-| test.cpp:43:18:43:23 | call to getenv | test.cpp:43:18:43:34 | call to getenv indirection |
-| test.cpp:43:18:43:34 | (const char *)... | test.cpp:43:18:43:34 | call to getenv |
-| test.cpp:43:18:43:34 | (const char *)... | test.cpp:43:18:43:34 | call to getenv indirection |
+| test.cpp:43:18:43:23 | call to getenv | test.cpp:29:30:29:36 | command |
 | test.cpp:43:18:43:34 | call to getenv | test.cpp:29:30:29:36 | command |
-| test.cpp:43:18:43:34 | call to getenv indirection | test.cpp:29:30:29:36 | *command |
-| test.cpp:56:12:56:17 | buffer | test.cpp:62:10:62:15 | (const char *)... |
+| test.cpp:56:12:56:17 | buffer | test.cpp:62:10:62:15 | array to pointer conversion |
+| test.cpp:56:12:56:17 | buffer | test.cpp:62:10:62:15 | array to pointer conversion |
+| test.cpp:56:12:56:17 | buffer | test.cpp:62:10:62:15 | buffer |
+| test.cpp:56:12:56:17 | buffer | test.cpp:62:10:62:15 | buffer |
+| test.cpp:56:12:56:17 | buffer | test.cpp:62:10:62:15 | buffer |
 | test.cpp:56:12:56:17 | buffer | test.cpp:62:10:62:15 | buffer |
-| test.cpp:56:12:56:17 | buffer | test.cpp:62:10:62:15 | buffer indirection |
-| test.cpp:56:12:56:17 | buffer | test.cpp:63:10:63:13 | (const char *)... |
 | test.cpp:56:12:56:17 | buffer | test.cpp:63:10:63:13 | data |
 | test.cpp:56:12:56:17 | buffer | test.cpp:63:10:63:13 | data |
-| test.cpp:56:12:56:17 | buffer | test.cpp:63:10:63:13 | data indirection |
-| test.cpp:56:12:56:17 | buffer | test.cpp:64:10:64:16 | (const char *)... |
+| test.cpp:56:12:56:17 | buffer | test.cpp:63:10:63:13 | data |
+| test.cpp:56:12:56:17 | buffer | test.cpp:63:10:63:13 | data |
+| test.cpp:56:12:56:17 | buffer | test.cpp:63:10:63:13 | data |
+| test.cpp:56:12:56:17 | buffer | test.cpp:63:10:63:13 | data |
+| test.cpp:56:12:56:17 | buffer | test.cpp:64:10:64:16 | (reference dereference) |
 | test.cpp:56:12:56:17 | buffer | test.cpp:64:10:64:16 | (reference dereference) |
 | test.cpp:56:12:56:17 | buffer | test.cpp:64:10:64:16 | dataref |
 | test.cpp:56:12:56:17 | buffer | test.cpp:64:10:64:16 | dataref |
-| test.cpp:56:12:56:17 | buffer | test.cpp:64:10:64:16 | dataref indirection |
-| test.cpp:56:12:56:17 | buffer | test.cpp:65:10:65:14 | (const char *)... |
+| test.cpp:56:12:56:17 | buffer | test.cpp:64:10:64:16 | dataref |
+| test.cpp:56:12:56:17 | buffer | test.cpp:64:10:64:16 | dataref |
+| test.cpp:56:12:56:17 | buffer | test.cpp:64:10:64:16 | dataref |
+| test.cpp:56:12:56:17 | buffer | test.cpp:64:10:64:16 | dataref |
 | test.cpp:56:12:56:17 | buffer | test.cpp:65:10:65:14 | data2 |
 | test.cpp:56:12:56:17 | buffer | test.cpp:65:10:65:14 | data2 |
-| test.cpp:56:12:56:17 | buffer | test.cpp:65:10:65:14 | data2 indirection |
-| test.cpp:56:12:56:17 | fgets output argument | test.cpp:62:10:62:15 | (const char *)... |
+| test.cpp:56:12:56:17 | buffer | test.cpp:65:10:65:14 | data2 |
+| test.cpp:56:12:56:17 | buffer | test.cpp:65:10:65:14 | data2 |
+| test.cpp:56:12:56:17 | buffer | test.cpp:65:10:65:14 | data2 |
+| test.cpp:56:12:56:17 | buffer | test.cpp:65:10:65:14 | data2 |
+| test.cpp:56:12:56:17 | fgets output argument | test.cpp:62:10:62:15 | array to pointer conversion |
+| test.cpp:56:12:56:17 | fgets output argument | test.cpp:62:10:62:15 | buffer |
 | test.cpp:56:12:56:17 | fgets output argument | test.cpp:62:10:62:15 | buffer |
-| test.cpp:56:12:56:17 | fgets output argument | test.cpp:62:10:62:15 | buffer indirection |
-| test.cpp:56:12:56:17 | fgets output argument | test.cpp:63:10:63:13 | (const char *)... |
 | test.cpp:56:12:56:17 | fgets output argument | test.cpp:63:10:63:13 | data |
 | test.cpp:56:12:56:17 | fgets output argument | test.cpp:63:10:63:13 | data |
-| test.cpp:56:12:56:17 | fgets output argument | test.cpp:63:10:63:13 | data indirection |
-| test.cpp:56:12:56:17 | fgets output argument | test.cpp:64:10:64:16 | (const char *)... |
+| test.cpp:56:12:56:17 | fgets output argument | test.cpp:63:10:63:13 | data |
 | test.cpp:56:12:56:17 | fgets output argument | test.cpp:64:10:64:16 | (reference dereference) |
 | test.cpp:56:12:56:17 | fgets output argument | test.cpp:64:10:64:16 | dataref |
 | test.cpp:56:12:56:17 | fgets output argument | test.cpp:64:10:64:16 | dataref |
-| test.cpp:56:12:56:17 | fgets output argument | test.cpp:64:10:64:16 | dataref indirection |
-| test.cpp:56:12:56:17 | fgets output argument | test.cpp:65:10:65:14 | (const char *)... |
+| test.cpp:56:12:56:17 | fgets output argument | test.cpp:64:10:64:16 | dataref |
 | test.cpp:56:12:56:17 | fgets output argument | test.cpp:65:10:65:14 | data2 |
 | test.cpp:56:12:56:17 | fgets output argument | test.cpp:65:10:65:14 | data2 |
-| test.cpp:56:12:56:17 | fgets output argument | test.cpp:65:10:65:14 | data2 indirection |
-| test.cpp:76:12:76:17 | buffer | test.cpp:78:10:78:15 | (const char *)... |
+| test.cpp:56:12:56:17 | fgets output argument | test.cpp:65:10:65:14 | data2 |
+| test.cpp:76:12:76:17 | buffer | test.cpp:78:10:78:15 | array to pointer conversion |
+| test.cpp:76:12:76:17 | buffer | test.cpp:78:10:78:15 | array to pointer conversion |
 | test.cpp:76:12:76:17 | buffer | test.cpp:78:10:78:15 | buffer |
-| test.cpp:76:12:76:17 | buffer | test.cpp:78:10:78:15 | buffer indirection |
-| test.cpp:76:12:76:17 | fgets output argument | test.cpp:78:10:78:15 | (const char *)... |
+| test.cpp:76:12:76:17 | buffer | test.cpp:78:10:78:15 | buffer |
+| test.cpp:76:12:76:17 | buffer | test.cpp:78:10:78:15 | buffer |
+| test.cpp:76:12:76:17 | buffer | test.cpp:78:10:78:15 | buffer |
+| test.cpp:76:12:76:17 | fgets output argument | test.cpp:78:10:78:15 | array to pointer conversion |
 | test.cpp:76:12:76:17 | fgets output argument | test.cpp:78:10:78:15 | buffer |
-| test.cpp:76:12:76:17 | fgets output argument | test.cpp:78:10:78:15 | buffer indirection |
-| test.cpp:98:17:98:22 | buffer | test.cpp:99:15:99:20 | (const char *)... |
+| test.cpp:76:12:76:17 | fgets output argument | test.cpp:78:10:78:15 | buffer |
+| test.cpp:98:17:98:22 | buffer | test.cpp:99:15:99:20 | array to pointer conversion |
+| test.cpp:98:17:98:22 | buffer | test.cpp:99:15:99:20 | array to pointer conversion |
 | test.cpp:98:17:98:22 | buffer | test.cpp:99:15:99:20 | buffer |
-| test.cpp:98:17:98:22 | buffer | test.cpp:99:15:99:20 | buffer indirection |
-| test.cpp:98:17:98:22 | recv output argument | test.cpp:99:15:99:20 | (const char *)... |
+| test.cpp:98:17:98:22 | buffer | test.cpp:99:15:99:20 | buffer |
+| test.cpp:98:17:98:22 | buffer | test.cpp:99:15:99:20 | buffer |
+| test.cpp:98:17:98:22 | buffer | test.cpp:99:15:99:20 | buffer |
+| test.cpp:98:17:98:22 | recv output argument | test.cpp:99:15:99:20 | array to pointer conversion |
 | test.cpp:98:17:98:22 | recv output argument | test.cpp:99:15:99:20 | buffer |
-| test.cpp:98:17:98:22 | recv output argument | test.cpp:99:15:99:20 | buffer indirection |
-| test.cpp:106:17:106:22 | buffer | test.cpp:107:15:107:20 | (const char *)... |
+| test.cpp:98:17:98:22 | recv output argument | test.cpp:99:15:99:20 | buffer |
+| test.cpp:106:17:106:22 | buffer | test.cpp:107:15:107:20 | array to pointer conversion |
+| test.cpp:106:17:106:22 | buffer | test.cpp:107:15:107:20 | array to pointer conversion |
 | test.cpp:106:17:106:22 | buffer | test.cpp:107:15:107:20 | buffer |
-| test.cpp:106:17:106:22 | buffer | test.cpp:107:15:107:20 | buffer indirection |
-| test.cpp:106:17:106:22 | recv output argument | test.cpp:107:15:107:20 | (const char *)... |
+| test.cpp:106:17:106:22 | buffer | test.cpp:107:15:107:20 | buffer |
+| test.cpp:106:17:106:22 | buffer | test.cpp:107:15:107:20 | buffer |
+| test.cpp:106:17:106:22 | buffer | test.cpp:107:15:107:20 | buffer |
+| test.cpp:106:17:106:22 | recv output argument | test.cpp:107:15:107:20 | array to pointer conversion |
+| test.cpp:106:17:106:22 | recv output argument | test.cpp:107:15:107:20 | buffer |
 | test.cpp:106:17:106:22 | recv output argument | test.cpp:107:15:107:20 | buffer |
-| test.cpp:106:17:106:22 | recv output argument | test.cpp:107:15:107:20 | buffer indirection |
 subpaths
 nodes
-| test.cpp:24:30:24:36 | *command | semmle.label | *command |
 | test.cpp:24:30:24:36 | command | semmle.label | command |
 | test.cpp:26:10:26:16 | command | semmle.label | command |
 | test.cpp:26:10:26:16 | command | semmle.label | command |
 | test.cpp:26:10:26:16 | command | semmle.label | command |
-| test.cpp:26:10:26:16 | command indirection | semmle.label | command indirection |
-| test.cpp:26:10:26:16 | command indirection | semmle.label | command indirection |
-| test.cpp:29:30:29:36 | *command | semmle.label | *command |
 | test.cpp:29:30:29:36 | command | semmle.label | command |
 | test.cpp:31:10:31:16 | command | semmle.label | command |
 | test.cpp:31:10:31:16 | command | semmle.label | command |
 | test.cpp:31:10:31:16 | command | semmle.label | command |
-| test.cpp:31:10:31:16 | command indirection | semmle.label | command indirection |
-| test.cpp:31:10:31:16 | command indirection | semmle.label | command indirection |
 | test.cpp:42:18:42:23 | call to getenv | semmle.label | call to getenv |
-| test.cpp:42:18:42:34 | (const char *)... | semmle.label | (const char *)... |
 | test.cpp:42:18:42:34 | call to getenv | semmle.label | call to getenv |
-| test.cpp:42:18:42:34 | call to getenv indirection | semmle.label | call to getenv indirection |
 | test.cpp:43:18:43:23 | call to getenv | semmle.label | call to getenv |
-| test.cpp:43:18:43:34 | (const char *)... | semmle.label | (const char *)... |
 | test.cpp:43:18:43:34 | call to getenv | semmle.label | call to getenv |
-| test.cpp:43:18:43:34 | call to getenv indirection | semmle.label | call to getenv indirection |
+| test.cpp:56:12:56:17 | buffer | semmle.label | buffer |
 | test.cpp:56:12:56:17 | buffer | semmle.label | buffer |
 | test.cpp:56:12:56:17 | fgets output argument | semmle.label | fgets output argument |
-| test.cpp:62:10:62:15 | (const char *)... | semmle.label | (const char *)... |
-| test.cpp:62:10:62:15 | (const char *)... | semmle.label | (const char *)... |
+| test.cpp:62:10:62:15 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.cpp:62:10:62:15 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.cpp:62:10:62:15 | buffer | semmle.label | buffer |
+| test.cpp:62:10:62:15 | buffer | semmle.label | buffer |
 | test.cpp:62:10:62:15 | buffer | semmle.label | buffer |
-| test.cpp:62:10:62:15 | buffer indirection | semmle.label | buffer indirection |
-| test.cpp:62:10:62:15 | buffer indirection | semmle.label | buffer indirection |
-| test.cpp:63:10:63:13 | (const char *)... | semmle.label | (const char *)... |
-| test.cpp:63:10:63:13 | (const char *)... | semmle.label | (const char *)... |
 | test.cpp:63:10:63:13 | data | semmle.label | data |
 | test.cpp:63:10:63:13 | data | semmle.label | data |
 | test.cpp:63:10:63:13 | data | semmle.label | data |
-| test.cpp:63:10:63:13 | data indirection | semmle.label | data indirection |
-| test.cpp:63:10:63:13 | data indirection | semmle.label | data indirection |
-| test.cpp:64:10:64:16 | (const char *)... | semmle.label | (const char *)... |
-| test.cpp:64:10:64:16 | (const char *)... | semmle.label | (const char *)... |
+| test.cpp:63:10:63:13 | data | semmle.label | data |
+| test.cpp:63:10:63:13 | data | semmle.label | data |
 | test.cpp:64:10:64:16 | (reference dereference) | semmle.label | (reference dereference) |
 | test.cpp:64:10:64:16 | (reference dereference) | semmle.label | (reference dereference) |
 | test.cpp:64:10:64:16 | dataref | semmle.label | dataref |
 | test.cpp:64:10:64:16 | dataref | semmle.label | dataref |
 | test.cpp:64:10:64:16 | dataref | semmle.label | dataref |
-| test.cpp:64:10:64:16 | dataref indirection | semmle.label | dataref indirection |
-| test.cpp:64:10:64:16 | dataref indirection | semmle.label | dataref indirection |
-| test.cpp:65:10:65:14 | (const char *)... | semmle.label | (const char *)... |
-| test.cpp:65:10:65:14 | (const char *)... | semmle.label | (const char *)... |
+| test.cpp:64:10:64:16 | dataref | semmle.label | dataref |
+| test.cpp:64:10:64:16 | dataref | semmle.label | dataref |
 | test.cpp:65:10:65:14 | data2 | semmle.label | data2 |
 | test.cpp:65:10:65:14 | data2 | semmle.label | data2 |
 | test.cpp:65:10:65:14 | data2 | semmle.label | data2 |
-| test.cpp:65:10:65:14 | data2 indirection | semmle.label | data2 indirection |
-| test.cpp:65:10:65:14 | data2 indirection | semmle.label | data2 indirection |
+| test.cpp:65:10:65:14 | data2 | semmle.label | data2 |
+| test.cpp:65:10:65:14 | data2 | semmle.label | data2 |
+| test.cpp:76:12:76:17 | buffer | semmle.label | buffer |
 | test.cpp:76:12:76:17 | buffer | semmle.label | buffer |
 | test.cpp:76:12:76:17 | fgets output argument | semmle.label | fgets output argument |
-| test.cpp:78:10:78:15 | (const char *)... | semmle.label | (const char *)... |
-| test.cpp:78:10:78:15 | (const char *)... | semmle.label | (const char *)... |
+| test.cpp:78:10:78:15 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.cpp:78:10:78:15 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test.cpp:78:10:78:15 | buffer | semmle.label | buffer |
-| test.cpp:78:10:78:15 | buffer indirection | semmle.label | buffer indirection |
-| test.cpp:78:10:78:15 | buffer indirection | semmle.label | buffer indirection |
+| test.cpp:78:10:78:15 | buffer | semmle.label | buffer |
+| test.cpp:78:10:78:15 | buffer | semmle.label | buffer |
+| test.cpp:98:17:98:22 | buffer | semmle.label | buffer |
 | test.cpp:98:17:98:22 | buffer | semmle.label | buffer |
 | test.cpp:98:17:98:22 | recv output argument | semmle.label | recv output argument |
-| test.cpp:99:15:99:20 | (const char *)... | semmle.label | (const char *)... |
-| test.cpp:99:15:99:20 | (const char *)... | semmle.label | (const char *)... |
+| test.cpp:99:15:99:20 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.cpp:99:15:99:20 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test.cpp:99:15:99:20 | buffer | semmle.label | buffer |
-| test.cpp:99:15:99:20 | buffer indirection | semmle.label | buffer indirection |
-| test.cpp:99:15:99:20 | buffer indirection | semmle.label | buffer indirection |
+| test.cpp:99:15:99:20 | buffer | semmle.label | buffer |
+| test.cpp:99:15:99:20 | buffer | semmle.label | buffer |
+| test.cpp:106:17:106:22 | buffer | semmle.label | buffer |
 | test.cpp:106:17:106:22 | buffer | semmle.label | buffer |
 | test.cpp:106:17:106:22 | recv output argument | semmle.label | recv output argument |
-| test.cpp:107:15:107:20 | (const char *)... | semmle.label | (const char *)... |
-| test.cpp:107:15:107:20 | (const char *)... | semmle.label | (const char *)... |
+| test.cpp:107:15:107:20 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.cpp:107:15:107:20 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.cpp:107:15:107:20 | buffer | semmle.label | buffer |
+| test.cpp:107:15:107:20 | buffer | semmle.label | buffer |
 | test.cpp:107:15:107:20 | buffer | semmle.label | buffer |
-| test.cpp:107:15:107:20 | buffer indirection | semmle.label | buffer indirection |
-| test.cpp:107:15:107:20 | buffer indirection | semmle.label | buffer indirection |
 #select
 | test.cpp:26:10:26:16 | command | test.cpp:42:18:42:23 | call to getenv | test.cpp:26:10:26:16 | command | The value of this argument may come from $@ and is being passed to system. | test.cpp:42:18:42:23 | call to getenv | call to getenv |
 | test.cpp:31:10:31:16 | command | test.cpp:43:18:43:23 | call to getenv | test.cpp:31:10:31:16 | command | The value of this argument may come from $@ and is being passed to system. | test.cpp:43:18:43:23 | call to getenv | call to getenv |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/SAMATE/BadlyBoundedWrite.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/SAMATE/BadlyBoundedWrite.expected
@@ -1,4 +0,0 @@
-| tests.cpp:350:13:350:19 | call to strncat | This 'call to strncat' operation is limited to 100 bytes but the destination is only 50 bytes. |
-| tests.cpp:452:9:452:15 | call to wcsncpy | This 'call to wcsncpy' operation is limited to 396 bytes but the destination is only 200 bytes. |
-| tests.cpp:481:9:481:16 | call to swprintf | This 'call to swprintf' operation is limited to 400 bytes but the destination is only 200 bytes. |
-| tests.cpp:630:13:630:20 | call to swprintf | This 'call to swprintf' operation is limited to 400 bytes but the destination is only 200 bytes. |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/SAMATE/OverflowBuffer.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/SAMATE/OverflowBuffer.expected
@@ -1,19 +1,2 @@
 | tests.cpp:45:9:45:14 | call to memcpy | This 'memcpy' operation accesses 32 bytes but the $@ is only 16 bytes. | tests.cpp:32:10:32:18 | charFirst | destination buffer |
 | tests.cpp:60:9:60:14 | call to memcpy | This 'memcpy' operation accesses 32 bytes but the $@ is only 16 bytes. | tests.cpp:32:10:32:18 | charFirst | destination buffer |
-| tests.cpp:171:9:171:14 | call to memcpy | This 'memcpy' operation accesses 100 bytes but the $@ is only 50 bytes. | tests.cpp:164:20:164:25 | call to malloc | destination buffer |
-| tests.cpp:172:9:172:19 | access to array | This array indexing operation accesses byte offset 99 but the $@ is only 50 bytes. | tests.cpp:164:20:164:25 | call to malloc | array |
-| tests.cpp:192:9:192:14 | call to memcpy | This 'memcpy' operation accesses 100 bytes but the $@ is only 50 bytes. | tests.cpp:181:10:181:22 | dataBadBuffer | destination buffer |
-| tests.cpp:192:9:192:14 | call to memcpy | This 'memcpy' operation accesses 100 bytes but the $@ is only 50 bytes. | tests.cpp:185:12:185:24 | dataBadBuffer | destination buffer |
-| tests.cpp:193:9:193:19 | access to array | This array indexing operation accesses byte offset 99 but the $@ is only 50 bytes. | tests.cpp:181:10:181:22 | dataBadBuffer | array |
-| tests.cpp:193:9:193:19 | access to array | This array indexing operation accesses byte offset 99 but the $@ is only 50 bytes. | tests.cpp:185:12:185:24 | dataBadBuffer | array |
-| tests.cpp:212:9:212:14 | call to memcpy | This 'memcpy' operation accesses 100 bytes but the $@ is only 50 bytes. | tests.cpp:201:36:201:41 | call to alloca | destination buffer |
-| tests.cpp:212:9:212:14 | call to memcpy | This 'memcpy' operation accesses 100 bytes but the $@ is only 50 bytes. | tests.cpp:205:12:205:24 | dataBadBuffer | destination buffer |
-| tests.cpp:213:9:213:19 | access to array | This array indexing operation accesses byte offset 99 but the $@ is only 50 bytes. | tests.cpp:201:36:201:41 | call to alloca | array |
-| tests.cpp:213:9:213:19 | access to array | This array indexing operation accesses byte offset 99 but the $@ is only 50 bytes. | tests.cpp:205:12:205:24 | dataBadBuffer | array |
-| tests.cpp:237:9:237:19 | access to array | This array indexing operation accesses byte offset 99 but the $@ is only 50 bytes. | tests.cpp:221:36:221:41 | call to alloca | array |
-| tests.cpp:237:9:237:19 | access to array | This array indexing operation accesses byte offset 99 but the $@ is only 50 bytes. | tests.cpp:225:12:225:24 | dataBadBuffer | array |
-| tests.cpp:261:9:261:19 | access to array | This array indexing operation accesses byte offset 99 but the $@ is only 50 bytes. | tests.cpp:245:10:245:22 | dataBadBuffer | array |
-| tests.cpp:261:9:261:19 | access to array | This array indexing operation accesses byte offset 99 but the $@ is only 50 bytes. | tests.cpp:249:12:249:24 | dataBadBuffer | array |
-| tests.cpp:384:9:384:14 | call to memcpy | This 'memcpy' operation accesses 40 bytes but the $@ is only 10 bytes. | tests.cpp:380:19:380:24 | call to alloca | destination buffer |
-| tests.cpp:434:9:434:19 | access to array | This array indexing operation accesses byte offset 399 but the $@ is only 200 bytes. | tests.cpp:422:12:422:26 | new[] | array |
-| tests.cpp:453:9:453:19 | access to array | This array indexing operation accesses byte offset 399 but the $@ is only 200 bytes. | tests.cpp:445:12:445:26 | new[] | array |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/BadlyBoundedWrite.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/BadlyBoundedWrite.expected
@@ -1,2 +1 @@
-| var_size_struct.cpp:73:3:73:9 | call to strncpy | This 'call to strncpy' operation is limited to 1025 bytes but the destination is only 1024 bytes. |
 | var_size_struct.cpp:103:3:103:9 | call to strncpy | This 'call to strncpy' operation is limited to 129 bytes but the destination is only 128 bytes. |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowBuffer.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowBuffer.expected
@@ -4,29 +4,17 @@
 | tests.cpp:172:23:172:31 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:170:17:170:41 | {...} | array |
 | tests.cpp:176:23:176:30 | access to array | This array indexing operation accesses byte offset 31 but the $@ is only 24 bytes. | tests.cpp:170:17:170:41 | {...} | array |
 | tests.cpp:222:3:222:8 | call to memset | This 'memset' operation accesses 33 bytes but the $@ is only 32 bytes. | tests.cpp:214:8:214:14 | buffer1 | destination buffer |
-| tests.cpp:224:3:224:8 | call to memset | This 'memset' operation accesses 33 bytes but the $@ is only 32 bytes. | tests.cpp:215:19:215:30 | new[] | destination buffer |
-| tests.cpp:226:3:226:8 | call to memset | This 'memset' operation accesses 33 bytes but the $@ is only 32 bytes. | tests.cpp:218:13:218:18 | call to malloc | destination buffer |
-| tests.cpp:228:3:228:8 | call to memset | This 'memset' operation accesses 33 bytes but the $@ is only 32 bytes. | tests.cpp:218:13:218:18 | call to malloc | destination buffer |
-| tests.cpp:228:3:228:8 | call to memset | This 'memset' operation accesses 33 bytes but the $@ is only 32 bytes. | tests.cpp:219:13:219:19 | buffer3 | destination buffer |
 | tests.cpp:231:3:231:8 | call to memcmp | This 'memcmp' operation may access 33 bytes but the $@ is only 32 bytes. | tests.cpp:214:8:214:14 | buffer1 | first buffer |
-| tests.cpp:231:3:231:8 | call to memcmp | This 'memcmp' operation may access 33 bytes but the $@ is only 32 bytes. | tests.cpp:215:19:215:30 | new[] | second buffer |
 | tests.cpp:244:2:244:8 | call to memmove | This 'memmove' operation accesses 6 bytes but the $@ is only 5 bytes. | tests.cpp:208:25:208:39 | {...} | source buffer |
 | tests.cpp:245:2:245:8 | call to memmove | This 'memmove' operation accesses 6 bytes but the $@ is only 5 bytes. | tests.cpp:208:25:208:39 | {...} | destination buffer |
 | tests.cpp:265:2:265:8 | call to wmemset | This 'wmemset' operation accesses 132 bytes but the $@ is only 128 bytes. | tests.cpp:260:10:260:16 | buffer1 | destination buffer |
 | tests.cpp:266:2:266:8 | call to wmemset | This 'wmemset' operation accesses 128 bytes but the $@ is only 32 bytes. | tests.cpp:261:7:261:13 | buffer2 | destination buffer |
 | tests.cpp:275:3:275:8 | call to memset | This 'memset' operation accesses 15 bytes but the $@ is only 14 bytes. | tests.cpp:272:18:272:32 | Hello, world! | destination buffer |
-| tests.cpp:285:3:285:8 | call to memset | This 'memset' operation accesses 128 bytes but the $@ is only 64 bytes. | tests.cpp:283:12:283:23 | new[] | destination buffer |
+| tests.cpp:275:3:275:8 | call to memset | This 'memset' operation accesses 15 bytes but the $@ is only 14 bytes. | tests.cpp:274:10:274:15 | string | destination buffer |
 | tests.cpp:292:3:292:8 | call to memset | This 'memset' operation accesses 11 bytes but the $@ is only 10 bytes. | tests.cpp:289:8:289:12 | array | destination buffer |
 | tests.cpp:310:2:310:7 | call to memset | This 'memset' operation accesses 21 bytes but the $@ is only 20 bytes. | tests.cpp:301:10:301:14 | myVar | destination buffer |
 | tests.cpp:312:2:312:7 | call to memset | This 'memset' operation accesses 17 bytes but the $@ is only 16 bytes. | tests.cpp:298:7:298:12 | buffer | destination buffer |
 | tests.cpp:314:2:314:7 | call to memset | This 'memset' operation accesses 8 bytes but the $@ is only 4 bytes. | tests.cpp:299:6:299:10 | field | destination buffer |
-| tests.cpp:327:3:327:8 | call to memset | This 'memset' operation accesses 21 bytes but the $@ is only 20 bytes. | tests.cpp:301:10:301:14 | myVar | destination buffer |
-| tests.cpp:327:3:327:8 | call to memset | This 'memset' operation accesses 21 bytes but the $@ is only 20 bytes. | tests.cpp:322:22:322:27 | & ... | destination buffer |
-| tests.cpp:329:3:329:8 | call to memset | This 'memset' operation accesses 21 bytes but the $@ is only 20 bytes. | tests.cpp:301:10:301:14 | myVar | destination buffer |
-| tests.cpp:329:3:329:8 | call to memset | This 'memset' operation accesses 21 bytes but the $@ is only 20 bytes. | tests.cpp:322:22:322:27 | & ... | destination buffer |
-| tests.cpp:329:3:329:8 | call to memset | This 'memset' operation accesses 21 bytes but the $@ is only 20 bytes. | tests.cpp:324:12:324:17 | myPtr1 | destination buffer |
-| tests.cpp:336:3:336:8 | call to memset | This 'memset' operation accesses 21 bytes but the $@ is only 20 bytes. | tests.cpp:301:10:301:14 | myVar | destination buffer |
-| tests.cpp:336:3:336:8 | call to memset | This 'memset' operation accesses 21 bytes but the $@ is only 20 bytes. | tests.cpp:333:27:333:32 | & ... | destination buffer |
 | tests.cpp:346:2:346:14 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:342:7:342:15 | charArray | array |
 | tests.cpp:349:2:349:14 | access to array | This array indexing operation accesses byte offset 10 but the $@ is only 10 bytes. | tests.cpp:342:7:342:15 | charArray | array |
 | tests.cpp:350:17:350:29 | access to array | This array indexing operation accesses byte offset 10 but the $@ is only 10 bytes. | tests.cpp:342:7:342:15 | charArray | array |
@@ -37,44 +25,18 @@
 | tests.cpp:361:2:361:16 | access to array | This array indexing operation accesses byte offset 219 but the $@ is only 200 bytes. | tests.cpp:344:11:344:21 | structArray | array |
 | tests.cpp:362:25:362:39 | access to array | This array indexing operation accesses byte offset 219 but the $@ is only 200 bytes. | tests.cpp:344:11:344:21 | structArray | array |
 | tests.cpp:365:23:365:34 | access to array | This array indexing operation accesses byte offset 43 but the $@ is only 40 bytes. | tests.cpp:343:6:343:13 | intArray | array |
-| tests.cpp:373:3:373:13 | access to array | This array indexing operation accesses byte offset 101 but the $@ is only 100 bytes. | tests.cpp:368:47:368:52 | call to malloc | array |
-| tests.cpp:376:3:376:13 | access to array | This array indexing operation accesses byte offset 101 but the $@ is only 101 bytes. | tests.cpp:369:47:369:52 | call to malloc | array |
 | tests.cpp:446:3:446:24 | access to array | This array indexing operation accesses a negative index -3 on the $@. | tests.cpp:444:7:444:14 | intArray | array |
 | tests.cpp:454:3:454:11 | access to array | This array indexing operation accesses a negative index -21 on the $@. | tests.cpp:450:7:450:11 | multi | array |
 | tests.cpp:456:3:456:11 | access to array | This array indexing operation accesses a negative index -21 on the $@. | tests.cpp:450:7:450:11 | multi | array |
 | tests.cpp:459:3:459:11 | access to array | This array indexing operation accesses byte offset 639 but the $@ is only 400 bytes. | tests.cpp:450:7:450:11 | multi | array |
 | tests.cpp:461:3:461:11 | access to array | This array indexing operation accesses byte offset 639 but the $@ is only 400 bytes. | tests.cpp:450:7:450:11 | multi | array |
-| tests.cpp:476:2:476:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:469:7:469:12 | buffer | array |
-| tests.cpp:476:2:476:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:470:13:470:18 | buffer | array |
-| tests.cpp:477:2:477:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:469:7:469:12 | buffer | array |
-| tests.cpp:477:2:477:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:471:13:471:18 | buffer | array |
-| tests.cpp:481:2:481:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:469:7:469:12 | buffer | array |
-| tests.cpp:481:2:481:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:472:13:472:18 | buffer | array |
-| tests.cpp:487:2:487:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:473:21:473:26 | call to malloc | array |
-| tests.cpp:491:2:491:7 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:474:21:474:26 | call to malloc | array |
-| tests.cpp:519:3:519:8 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 10 bytes. | tests.cpp:502:15:502:20 | call to malloc | destination buffer |
-| tests.cpp:519:3:519:8 | call to memset | This 'memset' operation accesses 20 bytes but the $@ is only 10 bytes. | tests.cpp:510:16:510:21 | call to malloc | destination buffer |
 | tests.cpp:541:6:541:10 | call to fread | This 'fread' operation may access 101 bytes but the $@ is only 100 bytes. | tests.cpp:532:7:532:16 | charBuffer | destination buffer |
 | tests.cpp:546:6:546:10 | call to fread | This 'fread' operation may access 400 bytes but the $@ is only 100 bytes. | tests.cpp:532:7:532:16 | charBuffer | destination buffer |
 | tests.cpp:569:6:569:15 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:565:7:565:12 | buffer | array |
-| tests.cpp:577:7:577:13 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:565:7:565:12 | buffer | array |
-| tests.cpp:577:7:577:13 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:571:8:571:13 | buffer | array |
-| tests.cpp:579:6:579:12 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:565:7:565:12 | buffer | array |
-| tests.cpp:579:6:579:12 | access to array | This array indexing operation accesses a negative index -1 on the $@. | tests.cpp:571:8:571:13 | buffer | array |
 | tests_restrict.c:12:2:12:7 | call to memcpy | This 'memcpy' operation accesses 2 bytes but the $@ is only 1 byte. | tests_restrict.c:7:6:7:13 | smallbuf | source buffer |
 | unions.cpp:26:2:26:7 | call to memset | This 'memset' operation accesses 200 bytes but the $@ is only 100 bytes. | unions.cpp:21:10:21:11 | mu | destination buffer |
-| unions.cpp:27:2:27:7 | call to memset | This 'memset' operation accesses 100 bytes but the $@ is only 10 bytes. | unions.cpp:15:7:15:11 | small | destination buffer |
-| unions.cpp:27:2:27:7 | call to memset | This 'memset' operation accesses 100 bytes but the $@ is only 10 bytes. | unions.cpp:27:14:27:18 | small | destination buffer |
-| unions.cpp:29:2:29:7 | call to memset | This 'memset' operation accesses 100 bytes but the $@ is only 10 bytes. | unions.cpp:15:7:15:11 | small | destination buffer |
-| unions.cpp:29:2:29:7 | call to memset | This 'memset' operation accesses 100 bytes but the $@ is only 10 bytes. | unions.cpp:29:14:29:18 | small | destination buffer |
-| unions.cpp:30:2:30:7 | call to memset | This 'memset' operation accesses 200 bytes but the $@ is only 10 bytes. | unions.cpp:15:7:15:11 | small | destination buffer |
-| unions.cpp:30:2:30:7 | call to memset | This 'memset' operation accesses 200 bytes but the $@ is only 10 bytes. | unions.cpp:30:14:30:18 | small | destination buffer |
 | unions.cpp:30:2:30:7 | call to memset | This 'memset' operation accesses 200 bytes but the $@ is only 100 bytes. | unions.cpp:15:7:15:11 | small | destination buffer |
 | unions.cpp:34:2:34:7 | call to memset | This 'memset' operation accesses 200 bytes but the $@ is only 100 bytes. | unions.cpp:16:7:16:11 | large | destination buffer |
-| unions.cpp:34:2:34:7 | call to memset | This 'memset' operation accesses 200 bytes but the $@ is only 100 bytes. | unions.cpp:34:14:34:18 | large | destination buffer |
-| var_size_struct.cpp:71:3:71:8 | call to memset | This 'memset' operation accesses 1025 bytes but the $@ is only 1024 bytes. | var_size_struct.cpp:63:8:63:11 | data | destination buffer |
-| var_size_struct.cpp:73:3:73:9 | call to strncpy | This 'strncpy' operation may access 1025 bytes but the $@ is only 1024 bytes. | var_size_struct.cpp:63:8:63:11 | data | destination buffer |
-| var_size_struct.cpp:87:3:87:19 | access to array | This array indexing operation accesses byte offset 67 but the $@ is only 64 bytes. | var_size_struct.cpp:78:7:78:14 | elements | array |
 | var_size_struct.cpp:99:3:99:8 | call to memset | This 'memset' operation accesses 129 bytes but the $@ is only 128 bytes. | var_size_struct.cpp:92:8:92:10 | str | destination buffer |
 | var_size_struct.cpp:101:3:101:8 | call to memset | This 'memset' operation accesses 129 bytes but the $@ is only 128 bytes. | var_size_struct.cpp:92:8:92:10 | str | destination buffer |
 | var_size_struct.cpp:103:3:103:9 | call to strncpy | This 'strncpy' operation may access 129 bytes but the $@ is only 128 bytes. | var_size_struct.cpp:92:8:92:10 | str | destination buffer |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected
@@ -1,43 +1,8 @@
 edges
-| overflowdestination.cpp:27:9:27:12 | argv | overflowdestination.cpp:30:17:30:20 | (const char *)... |
-| overflowdestination.cpp:43:8:43:10 | fgets output argument | overflowdestination.cpp:46:15:46:17 | (const void *)... |
-| overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:50:52:50:54 | ReturnIndirection |
-| overflowdestination.cpp:50:52:50:54 | src | overflowdestination.cpp:53:15:53:17 | (const void *)... |
-| overflowdestination.cpp:57:52:57:54 | *src | overflowdestination.cpp:64:16:64:19 | (const void *)... |
-| overflowdestination.cpp:57:52:57:54 | src | overflowdestination.cpp:64:16:64:19 | (const void *)... |
-| overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:75:30:75:32 | src |
-| overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:75:30:75:32 | src indirection |
-| overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:76:30:76:32 | src |
-| overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:76:30:76:32 | src indirection |
-| overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument | overflowdestination.cpp:76:30:76:32 | src |
-| overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument | overflowdestination.cpp:76:30:76:32 | src indirection |
-| overflowdestination.cpp:75:30:75:32 | src | overflowdestination.cpp:50:52:50:54 | src |
-| overflowdestination.cpp:75:30:75:32 | src indirection | overflowdestination.cpp:50:52:50:54 | *src |
-| overflowdestination.cpp:75:30:75:32 | src indirection | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument |
-| overflowdestination.cpp:76:30:76:32 | src | overflowdestination.cpp:57:52:57:54 | src |
-| overflowdestination.cpp:76:30:76:32 | src indirection | overflowdestination.cpp:57:52:57:54 | *src |
+| overflowdestination.cpp:27:9:27:12 | argv | overflowdestination.cpp:30:17:30:20 | arg1 |
 nodes
 | overflowdestination.cpp:27:9:27:12 | argv | semmle.label | argv |
-| overflowdestination.cpp:30:17:30:20 | (const char *)... | semmle.label | (const char *)... |
-| overflowdestination.cpp:43:8:43:10 | fgets output argument | semmle.label | fgets output argument |
-| overflowdestination.cpp:46:15:46:17 | (const void *)... | semmle.label | (const void *)... |
-| overflowdestination.cpp:50:52:50:54 | *src | semmle.label | *src |
-| overflowdestination.cpp:50:52:50:54 | ReturnIndirection | semmle.label | ReturnIndirection |
-| overflowdestination.cpp:50:52:50:54 | src | semmle.label | src |
-| overflowdestination.cpp:53:15:53:17 | (const void *)... | semmle.label | (const void *)... |
-| overflowdestination.cpp:57:52:57:54 | *src | semmle.label | *src |
-| overflowdestination.cpp:57:52:57:54 | src | semmle.label | src |
-| overflowdestination.cpp:64:16:64:19 | (const void *)... | semmle.label | (const void *)... |
-| overflowdestination.cpp:73:8:73:10 | fgets output argument | semmle.label | fgets output argument |
-| overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument | semmle.label | overflowdest_test2 output argument |
-| overflowdestination.cpp:75:30:75:32 | src | semmle.label | src |
-| overflowdestination.cpp:75:30:75:32 | src indirection | semmle.label | src indirection |
-| overflowdestination.cpp:76:30:76:32 | src | semmle.label | src |
-| overflowdestination.cpp:76:30:76:32 | src indirection | semmle.label | src indirection |
+| overflowdestination.cpp:30:17:30:20 | arg1 | semmle.label | arg1 |
 subpaths
-| overflowdestination.cpp:75:30:75:32 | src indirection | overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:50:52:50:54 | ReturnIndirection | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument |
 #select
-| overflowdestination.cpp:30:2:30:8 | call to strncpy | overflowdestination.cpp:27:9:27:12 | argv | overflowdestination.cpp:30:17:30:20 | (const char *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
-| overflowdestination.cpp:46:2:46:7 | call to memcpy | overflowdestination.cpp:43:8:43:10 | fgets output argument | overflowdestination.cpp:46:15:46:17 | (const void *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
-| overflowdestination.cpp:53:2:53:7 | call to memcpy | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:53:15:53:17 | (const void *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
-| overflowdestination.cpp:64:2:64:7 | call to memcpy | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:64:16:64:19 | (const void *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
+| overflowdestination.cpp:30:2:30:8 | call to strncpy | overflowdestination.cpp:27:9:27:12 | argv | overflowdestination.cpp:30:17:30:20 | arg1 | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/UnboundedWrite.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/UnboundedWrite.expected
@@ -1,106 +1,54 @@
 edges
-| tests.c:28:22:28:25 | argv | tests.c:28:22:28:28 | (const char *)... |
-| tests.c:28:22:28:25 | argv | tests.c:28:22:28:28 | (const char *)... |
 | tests.c:28:22:28:25 | argv | tests.c:28:22:28:28 | access to array |
 | tests.c:28:22:28:25 | argv | tests.c:28:22:28:28 | access to array |
 | tests.c:28:22:28:25 | argv | tests.c:28:22:28:28 | access to array |
 | tests.c:28:22:28:25 | argv | tests.c:28:22:28:28 | access to array |
-| tests.c:28:22:28:25 | argv | tests.c:28:22:28:28 | access to array indirection |
-| tests.c:28:22:28:25 | argv | tests.c:28:22:28:28 | access to array indirection |
-| tests.c:28:22:28:25 | argv | tests.c:31:15:31:23 | buffer100 |
-| tests.c:28:22:28:25 | argv | tests.c:31:15:31:23 | buffer100 |
-| tests.c:28:22:28:25 | argv | tests.c:31:15:31:23 | buffer100 indirection |
-| tests.c:28:22:28:25 | argv | tests.c:31:15:31:23 | buffer100 indirection |
-| tests.c:28:22:28:25 | argv | tests.c:33:21:33:29 | buffer100 |
-| tests.c:28:22:28:25 | argv | tests.c:33:21:33:29 | buffer100 |
-| tests.c:28:22:28:25 | argv | tests.c:33:21:33:29 | buffer100 indirection |
-| tests.c:28:22:28:25 | argv | tests.c:33:21:33:29 | buffer100 indirection |
+| tests.c:28:22:28:25 | argv | tests.c:28:22:28:28 | access to array |
+| tests.c:28:22:28:25 | argv | tests.c:28:22:28:28 | access to array |
 | tests.c:29:28:29:31 | argv | tests.c:29:28:29:34 | access to array |
 | tests.c:29:28:29:31 | argv | tests.c:29:28:29:34 | access to array |
 | tests.c:29:28:29:31 | argv | tests.c:29:28:29:34 | access to array |
 | tests.c:29:28:29:31 | argv | tests.c:29:28:29:34 | access to array |
-| tests.c:29:28:29:31 | argv | tests.c:29:28:29:34 | access to array indirection |
-| tests.c:29:28:29:31 | argv | tests.c:29:28:29:34 | access to array indirection |
-| tests.c:29:28:29:31 | argv | tests.c:31:15:31:23 | buffer100 |
-| tests.c:29:28:29:31 | argv | tests.c:31:15:31:23 | buffer100 |
-| tests.c:29:28:29:31 | argv | tests.c:31:15:31:23 | buffer100 indirection |
-| tests.c:29:28:29:31 | argv | tests.c:31:15:31:23 | buffer100 indirection |
-| tests.c:29:28:29:31 | argv | tests.c:33:21:33:29 | buffer100 |
-| tests.c:29:28:29:31 | argv | tests.c:33:21:33:29 | buffer100 |
-| tests.c:29:28:29:31 | argv | tests.c:33:21:33:29 | buffer100 indirection |
-| tests.c:29:28:29:31 | argv | tests.c:33:21:33:29 | buffer100 indirection |
-| tests.c:31:15:31:23 | array to pointer conversion | tests.c:31:15:31:23 | buffer100 |
-| tests.c:31:15:31:23 | array to pointer conversion | tests.c:31:15:31:23 | buffer100 indirection |
-| tests.c:31:15:31:23 | array to pointer conversion | tests.c:33:21:33:29 | buffer100 |
-| tests.c:31:15:31:23 | array to pointer conversion | tests.c:33:21:33:29 | buffer100 indirection |
-| tests.c:31:15:31:23 | buffer100 | tests.c:31:15:31:23 | buffer100 |
-| tests.c:31:15:31:23 | buffer100 | tests.c:31:15:31:23 | buffer100 indirection |
-| tests.c:31:15:31:23 | buffer100 | tests.c:33:21:33:29 | buffer100 |
-| tests.c:31:15:31:23 | buffer100 | tests.c:33:21:33:29 | buffer100 indirection |
-| tests.c:31:15:31:23 | scanf output argument | tests.c:33:21:33:29 | buffer100 |
-| tests.c:31:15:31:23 | scanf output argument | tests.c:33:21:33:29 | buffer100 indirection |
-| tests.c:33:21:33:29 | array to pointer conversion | tests.c:33:21:33:29 | buffer100 |
-| tests.c:33:21:33:29 | array to pointer conversion | tests.c:33:21:33:29 | buffer100 indirection |
-| tests.c:33:21:33:29 | buffer100 | tests.c:33:21:33:29 | buffer100 |
-| tests.c:33:21:33:29 | buffer100 | tests.c:33:21:33:29 | buffer100 indirection |
-| tests.c:34:10:34:13 | argv | tests.c:34:10:34:16 | (const char *)... |
-| tests.c:34:10:34:13 | argv | tests.c:34:10:34:16 | (const char *)... |
 | tests.c:34:10:34:13 | argv | tests.c:34:10:34:16 | access to array |
 | tests.c:34:10:34:13 | argv | tests.c:34:10:34:16 | access to array |
 | tests.c:34:10:34:13 | argv | tests.c:34:10:34:16 | access to array |
 | tests.c:34:10:34:13 | argv | tests.c:34:10:34:16 | access to array |
-| tests.c:34:10:34:13 | argv | tests.c:34:10:34:16 | access to array indirection |
-| tests.c:34:10:34:13 | argv | tests.c:34:10:34:16 | access to array indirection |
+| tests.c:34:10:34:13 | argv | tests.c:34:10:34:16 | access to array |
+| tests.c:34:10:34:13 | argv | tests.c:34:10:34:16 | access to array |
 subpaths
 nodes
 | tests.c:28:22:28:25 | argv | semmle.label | argv |
 | tests.c:28:22:28:25 | argv | semmle.label | argv |
-| tests.c:28:22:28:28 | (const char *)... | semmle.label | (const char *)... |
-| tests.c:28:22:28:28 | (const char *)... | semmle.label | (const char *)... |
 | tests.c:28:22:28:28 | access to array | semmle.label | access to array |
 | tests.c:28:22:28:28 | access to array | semmle.label | access to array |
 | tests.c:28:22:28:28 | access to array | semmle.label | access to array |
-| tests.c:28:22:28:28 | access to array indirection | semmle.label | access to array indirection |
-| tests.c:28:22:28:28 | access to array indirection | semmle.label | access to array indirection |
+| tests.c:28:22:28:28 | access to array | semmle.label | access to array |
+| tests.c:28:22:28:28 | access to array | semmle.label | access to array |
 | tests.c:29:28:29:31 | argv | semmle.label | argv |
 | tests.c:29:28:29:31 | argv | semmle.label | argv |
 | tests.c:29:28:29:34 | access to array | semmle.label | access to array |
 | tests.c:29:28:29:34 | access to array | semmle.label | access to array |
 | tests.c:29:28:29:34 | access to array | semmle.label | access to array |
-| tests.c:29:28:29:34 | access to array indirection | semmle.label | access to array indirection |
-| tests.c:29:28:29:34 | access to array indirection | semmle.label | access to array indirection |
-| tests.c:31:15:31:23 | array to pointer conversion | semmle.label | array to pointer conversion |
-| tests.c:31:15:31:23 | array to pointer conversion | semmle.label | array to pointer conversion |
 | tests.c:31:15:31:23 | buffer100 | semmle.label | buffer100 |
 | tests.c:31:15:31:23 | buffer100 | semmle.label | buffer100 |
 | tests.c:31:15:31:23 | buffer100 | semmle.label | buffer100 |
-| tests.c:31:15:31:23 | buffer100 indirection | semmle.label | buffer100 indirection |
-| tests.c:31:15:31:23 | buffer100 indirection | semmle.label | buffer100 indirection |
-| tests.c:31:15:31:23 | scanf output argument | semmle.label | scanf output argument |
-| tests.c:33:21:33:29 | array to pointer conversion | semmle.label | array to pointer conversion |
-| tests.c:33:21:33:29 | array to pointer conversion | semmle.label | array to pointer conversion |
+| tests.c:31:15:31:23 | buffer100 | semmle.label | buffer100 |
+| tests.c:31:15:31:23 | buffer100 | semmle.label | buffer100 |
+| tests.c:33:21:33:29 | buffer100 | semmle.label | buffer100 |
+| tests.c:33:21:33:29 | buffer100 | semmle.label | buffer100 |
 | tests.c:33:21:33:29 | buffer100 | semmle.label | buffer100 |
 | tests.c:33:21:33:29 | buffer100 | semmle.label | buffer100 |
 | tests.c:33:21:33:29 | buffer100 | semmle.label | buffer100 |
-| tests.c:33:21:33:29 | buffer100 indirection | semmle.label | buffer100 indirection |
-| tests.c:33:21:33:29 | buffer100 indirection | semmle.label | buffer100 indirection |
 | tests.c:34:10:34:13 | argv | semmle.label | argv |
 | tests.c:34:10:34:13 | argv | semmle.label | argv |
-| tests.c:34:10:34:16 | (const char *)... | semmle.label | (const char *)... |
-| tests.c:34:10:34:16 | (const char *)... | semmle.label | (const char *)... |
 | tests.c:34:10:34:16 | access to array | semmle.label | access to array |
 | tests.c:34:10:34:16 | access to array | semmle.label | access to array |
 | tests.c:34:10:34:16 | access to array | semmle.label | access to array |
-| tests.c:34:10:34:16 | access to array indirection | semmle.label | access to array indirection |
-| tests.c:34:10:34:16 | access to array indirection | semmle.label | access to array indirection |
+| tests.c:34:10:34:16 | access to array | semmle.label | access to array |
+| tests.c:34:10:34:16 | access to array | semmle.label | access to array |
 #select
 | tests.c:28:3:28:9 | call to sprintf | tests.c:28:22:28:25 | argv | tests.c:28:22:28:28 | access to array | This 'call to sprintf' with input from $@ may overflow the destination. | tests.c:28:22:28:25 | argv | argv |
 | tests.c:29:3:29:9 | call to sprintf | tests.c:29:28:29:31 | argv | tests.c:29:28:29:34 | access to array | This 'call to sprintf' with input from $@ may overflow the destination. | tests.c:29:28:29:31 | argv | argv |
-| tests.c:31:15:31:23 | buffer100 | tests.c:28:22:28:25 | argv | tests.c:31:15:31:23 | buffer100 | This 'scanf string argument' with input from $@ may overflow the destination. | tests.c:28:22:28:25 | argv | argv |
-| tests.c:31:15:31:23 | buffer100 | tests.c:29:28:29:31 | argv | tests.c:31:15:31:23 | buffer100 | This 'scanf string argument' with input from $@ may overflow the destination. | tests.c:29:28:29:31 | argv | argv |
 | tests.c:31:15:31:23 | buffer100 | tests.c:31:15:31:23 | buffer100 | tests.c:31:15:31:23 | buffer100 | This 'scanf string argument' with input from $@ may overflow the destination. | tests.c:31:15:31:23 | buffer100 | buffer100 |
-| tests.c:33:21:33:29 | buffer100 | tests.c:28:22:28:25 | argv | tests.c:33:21:33:29 | buffer100 | This 'scanf string argument' with input from $@ may overflow the destination. | tests.c:28:22:28:25 | argv | argv |
-| tests.c:33:21:33:29 | buffer100 | tests.c:29:28:29:31 | argv | tests.c:33:21:33:29 | buffer100 | This 'scanf string argument' with input from $@ may overflow the destination. | tests.c:29:28:29:31 | argv | argv |
-| tests.c:33:21:33:29 | buffer100 | tests.c:31:15:31:23 | buffer100 | tests.c:33:21:33:29 | buffer100 | This 'scanf string argument' with input from $@ may overflow the destination. | tests.c:31:15:31:23 | buffer100 | buffer100 |
 | tests.c:33:21:33:29 | buffer100 | tests.c:33:21:33:29 | buffer100 | tests.c:33:21:33:29 | buffer100 | This 'scanf string argument' with input from $@ may overflow the destination. | tests.c:33:21:33:29 | buffer100 | buffer100 |
 | tests.c:34:25:34:33 | buffer100 | tests.c:34:10:34:13 | argv | tests.c:34:10:34:16 | access to array | This 'sscanf string argument' with input from $@ may overflow the destination. | tests.c:34:10:34:13 | argv | argv |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/VeryLikelyOverrunWrite.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/VeryLikelyOverrunWrite.expected
@@ -1,10 +1,3 @@
-| tests2.cpp:17:3:17:8 | call to wcscpy | This 'call to wcscpy' operation requires 12 bytes but the destination is only 8 bytes. |
-| tests2.cpp:22:3:22:8 | call to wcscpy | This 'call to wcscpy' operation requires 16 bytes but the destination is only 12 bytes. |
-| tests2.cpp:27:3:27:8 | call to wcscpy | This 'call to wcscpy' operation requires 20 bytes but the destination is only 16 bytes. |
-| tests2.cpp:31:3:31:8 | call to wcscpy | This 'call to wcscpy' operation requires 24 bytes but the destination is only 20 bytes. |
-| tests2.cpp:36:3:36:8 | call to wcscpy | This 'call to wcscpy' operation requires 28 bytes but the destination is only 24 bytes. |
-| tests2.cpp:41:3:41:8 | call to wcscpy | This 'call to wcscpy' operation requires 32 bytes but the destination is only 28 bytes. |
-| tests2.cpp:46:3:46:8 | call to wcscpy | This 'call to wcscpy' operation requires 36 bytes but the destination is only 32 bytes. |
 | tests.c:54:3:54:9 | call to sprintf | This 'call to sprintf' operation requires 11 bytes but the destination is only 10 bytes. |
 | tests.c:58:3:58:9 | call to sprintf | This 'call to sprintf' operation requires 11 bytes but the destination is only 10 bytes. |
 | tests.c:62:17:62:24 | buffer10 | This 'scanf string argument' operation requires 11 bytes but the destination is only 10 bytes. |
@@ -17,7 +10,4 @@
 | tests.c:186:3:186:9 | call to sprintf | This 'call to sprintf' operation requires 9 bytes but the destination is only 2 bytes. |
 | tests.c:189:3:189:9 | call to sprintf | This 'call to sprintf' operation requires 3 bytes but the destination is only 2 bytes. |
 | unions.c:26:2:26:7 | call to strcpy | This 'call to strcpy' operation requires 21 bytes but the destination is only 16 bytes. |
-| unions.c:27:2:27:7 | call to strcpy | This 'call to strcpy' operation requires 21 bytes but the destination is only 15 bytes. |
 | unions.c:27:2:27:7 | call to strcpy | This 'call to strcpy' operation requires 21 bytes but the destination is only 16 bytes. |
-| unions.c:32:2:32:7 | call to strcpy | This 'call to strcpy' operation requires 31 bytes but the destination is only 25 bytes. |
-| var_size_struct.cpp:22:3:22:8 | call to strcpy | This 'call to strcpy' operation requires 10 bytes but the destination is only 9 bytes. |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-129/SAMATE/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-129/SAMATE/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected
@@ -1,8 +1,4 @@
 edges
-| CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:30:19:30:29 | fgets output argument | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:52:20:52:23 | data |
 nodes
-| CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:30:19:30:29 | fgets output argument | semmle.label | fgets output argument |
-| CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:52:20:52:23 | data | semmle.label | data |
 subpaths
 #select
-| CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:52:20:52:23 | data | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:30:19:30:29 | fgets output argument | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:52:20:52:23 | data | An array indexing expression depends on $@ that might be outside the bounds of the array. | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:30:19:30:29 | fgets output argument | string read by fgets |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected
@@ -1,26 +1,33 @@
 edges
 | test1.c:8:16:8:19 | argv | test1.c:9:9:9:9 | i |
 | test1.c:8:16:8:19 | argv | test1.c:11:9:11:9 | i |
+| test1.c:8:16:8:19 | argv | test1.c:12:9:12:9 | i |
 | test1.c:8:16:8:19 | argv | test1.c:13:9:13:9 | i |
 | test1.c:9:9:9:9 | i | test1.c:16:16:16:16 | i |
 | test1.c:11:9:11:9 | i | test1.c:32:16:32:16 | i |
+| test1.c:12:9:12:9 | i | test1.c:40:16:40:16 | i |
 | test1.c:13:9:13:9 | i | test1.c:48:16:48:16 | i |
 | test1.c:16:16:16:16 | i | test1.c:18:16:18:16 | i |
 | test1.c:32:16:32:16 | i | test1.c:33:11:33:11 | i |
+| test1.c:40:16:40:16 | i | test1.c:41:11:41:11 | i |
 | test1.c:48:16:48:16 | i | test1.c:53:15:53:15 | j |
 nodes
 | test1.c:8:16:8:19 | argv | semmle.label | argv |
 | test1.c:9:9:9:9 | i | semmle.label | i |
 | test1.c:11:9:11:9 | i | semmle.label | i |
+| test1.c:12:9:12:9 | i | semmle.label | i |
 | test1.c:13:9:13:9 | i | semmle.label | i |
 | test1.c:16:16:16:16 | i | semmle.label | i |
 | test1.c:18:16:18:16 | i | semmle.label | i |
 | test1.c:32:16:32:16 | i | semmle.label | i |
 | test1.c:33:11:33:11 | i | semmle.label | i |
+| test1.c:40:16:40:16 | i | semmle.label | i |
+| test1.c:41:11:41:11 | i | semmle.label | i |
 | test1.c:48:16:48:16 | i | semmle.label | i |
 | test1.c:53:15:53:15 | j | semmle.label | j |
 subpaths
 #select
 | test1.c:18:16:18:16 | i | test1.c:8:16:8:19 | argv | test1.c:18:16:18:16 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument |
 | test1.c:33:11:33:11 | i | test1.c:8:16:8:19 | argv | test1.c:33:11:33:11 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument |
+| test1.c:41:11:41:11 | i | test1.c:8:16:8:19 | argv | test1.c:41:11:41:11 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument |
 | test1.c:53:15:53:15 | j | test1.c:8:16:8:19 | argv | test1.c:53:15:53:15 | j | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/SAMATE/UncontrolledFormatString.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/SAMATE/UncontrolledFormatString.expected
@@ -1,26 +1,20 @@
 edges
 | char_connect_socket_w32_vsnprintf_01_bad.c:94:46:94:69 | recv output argument | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | data |
 | char_connect_socket_w32_vsnprintf_01_bad.c:94:46:94:69 | recv output argument | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | data |
-| char_connect_socket_w32_vsnprintf_01_bad.c:94:46:94:69 | recv output argument | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | data indirection |
 | char_connect_socket_w32_vsnprintf_01_bad.c:94:55:94:68 | ... + ... | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | data |
 | char_connect_socket_w32_vsnprintf_01_bad.c:94:55:94:68 | ... + ... | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | data |
-| char_connect_socket_w32_vsnprintf_01_bad.c:94:55:94:68 | ... + ... | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | data indirection |
-| char_console_fprintf_01_bad.c:30:23:30:35 | ... + ... | char_console_fprintf_01_bad.c:49:21:49:24 | (const char *)... |
 | char_console_fprintf_01_bad.c:30:23:30:35 | ... + ... | char_console_fprintf_01_bad.c:49:21:49:24 | data |
 | char_console_fprintf_01_bad.c:30:23:30:35 | ... + ... | char_console_fprintf_01_bad.c:49:21:49:24 | data |
-| char_console_fprintf_01_bad.c:30:23:30:35 | ... + ... | char_console_fprintf_01_bad.c:49:21:49:24 | data indirection |
-| char_console_fprintf_01_bad.c:30:23:30:35 | fgets output argument | char_console_fprintf_01_bad.c:49:21:49:24 | (const char *)... |
+| char_console_fprintf_01_bad.c:30:23:30:35 | ... + ... | char_console_fprintf_01_bad.c:49:21:49:24 | data |
+| char_console_fprintf_01_bad.c:30:23:30:35 | fgets output argument | char_console_fprintf_01_bad.c:49:21:49:24 | data |
 | char_console_fprintf_01_bad.c:30:23:30:35 | fgets output argument | char_console_fprintf_01_bad.c:49:21:49:24 | data |
 | char_console_fprintf_01_bad.c:30:23:30:35 | fgets output argument | char_console_fprintf_01_bad.c:49:21:49:24 | data |
-| char_console_fprintf_01_bad.c:30:23:30:35 | fgets output argument | char_console_fprintf_01_bad.c:49:21:49:24 | data indirection |
-| char_environment_fprintf_01_bad.c:27:30:27:35 | call to getenv | char_environment_fprintf_01_bad.c:36:21:36:24 | (const char *)... |
-| char_environment_fprintf_01_bad.c:27:30:27:35 | call to getenv | char_environment_fprintf_01_bad.c:36:21:36:24 | (const char *)... |
 | char_environment_fprintf_01_bad.c:27:30:27:35 | call to getenv | char_environment_fprintf_01_bad.c:36:21:36:24 | data |
 | char_environment_fprintf_01_bad.c:27:30:27:35 | call to getenv | char_environment_fprintf_01_bad.c:36:21:36:24 | data |
 | char_environment_fprintf_01_bad.c:27:30:27:35 | call to getenv | char_environment_fprintf_01_bad.c:36:21:36:24 | data |
 | char_environment_fprintf_01_bad.c:27:30:27:35 | call to getenv | char_environment_fprintf_01_bad.c:36:21:36:24 | data |
-| char_environment_fprintf_01_bad.c:27:30:27:35 | call to getenv | char_environment_fprintf_01_bad.c:36:21:36:24 | data indirection |
-| char_environment_fprintf_01_bad.c:27:30:27:35 | call to getenv | char_environment_fprintf_01_bad.c:36:21:36:24 | data indirection |
+| char_environment_fprintf_01_bad.c:27:30:27:35 | call to getenv | char_environment_fprintf_01_bad.c:36:21:36:24 | data |
+| char_environment_fprintf_01_bad.c:27:30:27:35 | call to getenv | char_environment_fprintf_01_bad.c:36:21:36:24 | data |
 subpaths
 nodes
 | char_connect_socket_w32_vsnprintf_01_bad.c:94:46:94:69 | recv output argument | semmle.label | recv output argument |
@@ -28,26 +22,20 @@ nodes
 | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | data | semmle.label | data |
 | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | data | semmle.label | data |
 | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | data | semmle.label | data |
-| char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | data indirection | semmle.label | data indirection |
-| char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | data indirection | semmle.label | data indirection |
 | char_console_fprintf_01_bad.c:30:23:30:35 | ... + ... | semmle.label | ... + ... |
 | char_console_fprintf_01_bad.c:30:23:30:35 | fgets output argument | semmle.label | fgets output argument |
-| char_console_fprintf_01_bad.c:49:21:49:24 | (const char *)... | semmle.label | (const char *)... |
-| char_console_fprintf_01_bad.c:49:21:49:24 | (const char *)... | semmle.label | (const char *)... |
 | char_console_fprintf_01_bad.c:49:21:49:24 | data | semmle.label | data |
 | char_console_fprintf_01_bad.c:49:21:49:24 | data | semmle.label | data |
 | char_console_fprintf_01_bad.c:49:21:49:24 | data | semmle.label | data |
-| char_console_fprintf_01_bad.c:49:21:49:24 | data indirection | semmle.label | data indirection |
-| char_console_fprintf_01_bad.c:49:21:49:24 | data indirection | semmle.label | data indirection |
+| char_console_fprintf_01_bad.c:49:21:49:24 | data | semmle.label | data |
+| char_console_fprintf_01_bad.c:49:21:49:24 | data | semmle.label | data |
 | char_environment_fprintf_01_bad.c:27:30:27:35 | call to getenv | semmle.label | call to getenv |
 | char_environment_fprintf_01_bad.c:27:30:27:35 | call to getenv | semmle.label | call to getenv |
-| char_environment_fprintf_01_bad.c:36:21:36:24 | (const char *)... | semmle.label | (const char *)... |
-| char_environment_fprintf_01_bad.c:36:21:36:24 | (const char *)... | semmle.label | (const char *)... |
 | char_environment_fprintf_01_bad.c:36:21:36:24 | data | semmle.label | data |
 | char_environment_fprintf_01_bad.c:36:21:36:24 | data | semmle.label | data |
 | char_environment_fprintf_01_bad.c:36:21:36:24 | data | semmle.label | data |
-| char_environment_fprintf_01_bad.c:36:21:36:24 | data indirection | semmle.label | data indirection |
-| char_environment_fprintf_01_bad.c:36:21:36:24 | data indirection | semmle.label | data indirection |
+| char_environment_fprintf_01_bad.c:36:21:36:24 | data | semmle.label | data |
+| char_environment_fprintf_01_bad.c:36:21:36:24 | data | semmle.label | data |
 #select
 | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | data | char_connect_socket_w32_vsnprintf_01_bad.c:94:55:94:68 | ... + ... | char_connect_socket_w32_vsnprintf_01_bad.c:125:15:125:18 | data | The value of this argument may come from $@ and is being used as a formatting argument to badVaSink(data), which calls vsnprintf(format). | char_connect_socket_w32_vsnprintf_01_bad.c:94:55:94:68 | ... + ... | recv |
 | char_console_fprintf_01_bad.c:49:21:49:24 | data | char_console_fprintf_01_bad.c:30:23:30:35 | ... + ... | char_console_fprintf_01_bad.c:49:21:49:24 | data | The value of this argument may come from $@ and is being used as a formatting argument to fprintf(format). | char_console_fprintf_01_bad.c:30:23:30:35 | ... + ... | fgets |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/argv/argvLocal.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/argv/argvLocal.expected
@@ -1,462 +1,269 @@
 edges
-| argvLocal.c:9:25:9:31 | *correct | argvLocal.c:9:25:9:31 | ReturnIndirection |
-| argvLocal.c:95:9:95:12 | argv | argvLocal.c:95:9:95:15 | (const char *)... |
-| argvLocal.c:95:9:95:12 | argv | argvLocal.c:95:9:95:15 | (const char *)... |
 | argvLocal.c:95:9:95:12 | argv | argvLocal.c:95:9:95:15 | access to array |
 | argvLocal.c:95:9:95:12 | argv | argvLocal.c:95:9:95:15 | access to array |
 | argvLocal.c:95:9:95:12 | argv | argvLocal.c:95:9:95:15 | access to array |
 | argvLocal.c:95:9:95:12 | argv | argvLocal.c:95:9:95:15 | access to array |
-| argvLocal.c:95:9:95:12 | argv | argvLocal.c:95:9:95:15 | access to array indirection |
-| argvLocal.c:95:9:95:12 | argv | argvLocal.c:95:9:95:15 | access to array indirection |
+| argvLocal.c:95:9:95:12 | argv | argvLocal.c:95:9:95:15 | access to array |
+| argvLocal.c:95:9:95:12 | argv | argvLocal.c:95:9:95:15 | access to array |
 | argvLocal.c:96:15:96:18 | argv | argvLocal.c:96:15:96:21 | access to array |
 | argvLocal.c:96:15:96:18 | argv | argvLocal.c:96:15:96:21 | access to array |
 | argvLocal.c:96:15:96:18 | argv | argvLocal.c:96:15:96:21 | access to array |
 | argvLocal.c:96:15:96:18 | argv | argvLocal.c:96:15:96:21 | access to array |
-| argvLocal.c:96:15:96:18 | argv | argvLocal.c:96:15:96:21 | access to array indirection |
-| argvLocal.c:96:15:96:18 | argv | argvLocal.c:96:15:96:21 | access to array indirection |
-| argvLocal.c:100:7:100:10 | argv | argvLocal.c:101:9:101:10 | (const char *)... |
-| argvLocal.c:100:7:100:10 | argv | argvLocal.c:101:9:101:10 | (const char *)... |
 | argvLocal.c:100:7:100:10 | argv | argvLocal.c:101:9:101:10 | i1 |
 | argvLocal.c:100:7:100:10 | argv | argvLocal.c:101:9:101:10 | i1 |
 | argvLocal.c:100:7:100:10 | argv | argvLocal.c:101:9:101:10 | i1 |
 | argvLocal.c:100:7:100:10 | argv | argvLocal.c:101:9:101:10 | i1 |
-| argvLocal.c:100:7:100:10 | argv | argvLocal.c:101:9:101:10 | i1 indirection |
-| argvLocal.c:100:7:100:10 | argv | argvLocal.c:101:9:101:10 | i1 indirection |
+| argvLocal.c:100:7:100:10 | argv | argvLocal.c:101:9:101:10 | i1 |
+| argvLocal.c:100:7:100:10 | argv | argvLocal.c:101:9:101:10 | i1 |
 | argvLocal.c:100:7:100:10 | argv | argvLocal.c:102:15:102:16 | i1 |
 | argvLocal.c:100:7:100:10 | argv | argvLocal.c:102:15:102:16 | i1 |
 | argvLocal.c:100:7:100:10 | argv | argvLocal.c:102:15:102:16 | i1 |
 | argvLocal.c:100:7:100:10 | argv | argvLocal.c:102:15:102:16 | i1 |
-| argvLocal.c:100:7:100:10 | argv | argvLocal.c:102:15:102:16 | i1 indirection |
-| argvLocal.c:100:7:100:10 | argv | argvLocal.c:102:15:102:16 | i1 indirection |
-| argvLocal.c:100:7:100:10 | argv | argvLocal.c:102:15:102:16 | i1 indirection |
-| argvLocal.c:100:7:100:10 | argv | argvLocal.c:102:15:102:16 | i1 indirection |
-| argvLocal.c:100:7:100:10 | argv | argvLocal.c:144:9:144:10 | (const char *)... |
-| argvLocal.c:100:7:100:10 | argv | argvLocal.c:144:9:144:10 | (const char *)... |
 | argvLocal.c:100:7:100:10 | argv | argvLocal.c:144:9:144:10 | i7 |
 | argvLocal.c:100:7:100:10 | argv | argvLocal.c:144:9:144:10 | i7 |
 | argvLocal.c:100:7:100:10 | argv | argvLocal.c:144:9:144:10 | i7 |
 | argvLocal.c:100:7:100:10 | argv | argvLocal.c:144:9:144:10 | i7 |
-| argvLocal.c:100:7:100:10 | argv | argvLocal.c:144:9:144:10 | i7 indirection |
-| argvLocal.c:100:7:100:10 | argv | argvLocal.c:144:9:144:10 | i7 indirection |
+| argvLocal.c:100:7:100:10 | argv | argvLocal.c:144:9:144:10 | i7 |
+| argvLocal.c:100:7:100:10 | argv | argvLocal.c:144:9:144:10 | i7 |
 | argvLocal.c:100:7:100:10 | argv | argvLocal.c:145:15:145:16 | i7 |
 | argvLocal.c:100:7:100:10 | argv | argvLocal.c:145:15:145:16 | i7 |
 | argvLocal.c:100:7:100:10 | argv | argvLocal.c:145:15:145:16 | i7 |
 | argvLocal.c:100:7:100:10 | argv | argvLocal.c:145:15:145:16 | i7 |
-| argvLocal.c:100:7:100:10 | argv | argvLocal.c:145:15:145:16 | i7 indirection |
-| argvLocal.c:100:7:100:10 | argv | argvLocal.c:145:15:145:16 | i7 indirection |
-| argvLocal.c:102:15:102:16 | i1 indirection | argvLocal.c:9:25:9:31 | *correct |
-| argvLocal.c:102:15:102:16 | i1 indirection | argvLocal.c:102:15:102:16 | printWrapper output argument |
-| argvLocal.c:102:15:102:16 | printWrapper output argument | argvLocal.c:144:9:144:10 | (const char *)... |
-| argvLocal.c:102:15:102:16 | printWrapper output argument | argvLocal.c:144:9:144:10 | i7 |
-| argvLocal.c:102:15:102:16 | printWrapper output argument | argvLocal.c:144:9:144:10 | i7 |
-| argvLocal.c:102:15:102:16 | printWrapper output argument | argvLocal.c:144:9:144:10 | i7 indirection |
-| argvLocal.c:102:15:102:16 | printWrapper output argument | argvLocal.c:145:15:145:16 | i7 |
-| argvLocal.c:102:15:102:16 | printWrapper output argument | argvLocal.c:145:15:145:16 | i7 |
-| argvLocal.c:102:15:102:16 | printWrapper output argument | argvLocal.c:145:15:145:16 | i7 indirection |
-| argvLocal.c:105:14:105:17 | argv | argvLocal.c:106:9:106:13 | (const char *)... |
-| argvLocal.c:105:14:105:17 | argv | argvLocal.c:106:9:106:13 | (const char *)... |
 | argvLocal.c:105:14:105:17 | argv | argvLocal.c:106:9:106:13 | access to array |
 | argvLocal.c:105:14:105:17 | argv | argvLocal.c:106:9:106:13 | access to array |
 | argvLocal.c:105:14:105:17 | argv | argvLocal.c:106:9:106:13 | access to array |
 | argvLocal.c:105:14:105:17 | argv | argvLocal.c:106:9:106:13 | access to array |
-| argvLocal.c:105:14:105:17 | argv | argvLocal.c:106:9:106:13 | access to array indirection |
-| argvLocal.c:105:14:105:17 | argv | argvLocal.c:106:9:106:13 | access to array indirection |
+| argvLocal.c:105:14:105:17 | argv | argvLocal.c:106:9:106:13 | access to array |
+| argvLocal.c:105:14:105:17 | argv | argvLocal.c:106:9:106:13 | access to array |
 | argvLocal.c:105:14:105:17 | argv | argvLocal.c:107:15:107:19 | access to array |
 | argvLocal.c:105:14:105:17 | argv | argvLocal.c:107:15:107:19 | access to array |
 | argvLocal.c:105:14:105:17 | argv | argvLocal.c:107:15:107:19 | access to array |
 | argvLocal.c:105:14:105:17 | argv | argvLocal.c:107:15:107:19 | access to array |
-| argvLocal.c:105:14:105:17 | argv | argvLocal.c:107:15:107:19 | access to array indirection |
-| argvLocal.c:105:14:105:17 | argv | argvLocal.c:107:15:107:19 | access to array indirection |
-| argvLocal.c:105:14:105:17 | argv | argvLocal.c:107:15:107:19 | access to array indirection |
-| argvLocal.c:105:14:105:17 | argv | argvLocal.c:107:15:107:19 | access to array indirection |
-| argvLocal.c:105:14:105:17 | argv | argvLocal.c:110:9:110:11 | (const char *)... |
-| argvLocal.c:105:14:105:17 | argv | argvLocal.c:110:9:110:11 | (const char *)... |
 | argvLocal.c:105:14:105:17 | argv | argvLocal.c:110:9:110:11 | * ... |
 | argvLocal.c:105:14:105:17 | argv | argvLocal.c:110:9:110:11 | * ... |
 | argvLocal.c:105:14:105:17 | argv | argvLocal.c:110:9:110:11 | * ... |
 | argvLocal.c:105:14:105:17 | argv | argvLocal.c:110:9:110:11 | * ... |
-| argvLocal.c:105:14:105:17 | argv | argvLocal.c:110:9:110:11 | * ... indirection |
-| argvLocal.c:105:14:105:17 | argv | argvLocal.c:110:9:110:11 | * ... indirection |
 | argvLocal.c:105:14:105:17 | argv | argvLocal.c:111:15:111:17 | * ... |
 | argvLocal.c:105:14:105:17 | argv | argvLocal.c:111:15:111:17 | * ... |
 | argvLocal.c:105:14:105:17 | argv | argvLocal.c:111:15:111:17 | * ... |
 | argvLocal.c:105:14:105:17 | argv | argvLocal.c:111:15:111:17 | * ... |
-| argvLocal.c:105:14:105:17 | argv | argvLocal.c:111:15:111:17 | * ... indirection |
-| argvLocal.c:105:14:105:17 | argv | argvLocal.c:111:15:111:17 | * ... indirection |
-| argvLocal.c:107:15:107:19 | access to array indirection | argvLocal.c:9:25:9:31 | *correct |
-| argvLocal.c:107:15:107:19 | access to array indirection | argvLocal.c:107:15:107:19 | printWrapper output argument |
-| argvLocal.c:107:15:107:19 | printWrapper output argument | argvLocal.c:110:9:110:11 | (const char *)... |
-| argvLocal.c:107:15:107:19 | printWrapper output argument | argvLocal.c:110:9:110:11 | * ... |
-| argvLocal.c:107:15:107:19 | printWrapper output argument | argvLocal.c:110:9:110:11 | * ... |
-| argvLocal.c:107:15:107:19 | printWrapper output argument | argvLocal.c:110:9:110:11 | * ... indirection |
-| argvLocal.c:107:15:107:19 | printWrapper output argument | argvLocal.c:111:15:111:17 | * ... |
-| argvLocal.c:107:15:107:19 | printWrapper output argument | argvLocal.c:111:15:111:17 | * ... |
-| argvLocal.c:107:15:107:19 | printWrapper output argument | argvLocal.c:111:15:111:17 | * ... indirection |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:116:9:116:10 | (const char *)... |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:116:9:116:10 | (const char *)... |
+| argvLocal.c:115:13:115:16 | argv | argvLocal.c:116:9:116:10 | array to pointer conversion |
+| argvLocal.c:115:13:115:16 | argv | argvLocal.c:116:9:116:10 | array to pointer conversion |
+| argvLocal.c:115:13:115:16 | argv | argvLocal.c:116:9:116:10 | i3 |
+| argvLocal.c:115:13:115:16 | argv | argvLocal.c:116:9:116:10 | i3 |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:116:9:116:10 | i3 |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:116:9:116:10 | i3 |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:116:9:116:10 | i3 indirection |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:116:9:116:10 | i3 indirection |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:15:117:16 | array to pointer conversion |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:15:117:16 | array to pointer conversion |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:15:117:16 | i3 |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:15:117:16 | i3 |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:15:117:16 | i3 indirection |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:15:117:16 | i3 indirection |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:15:117:16 | i3 indirection |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:15:117:16 | i3 indirection |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:121:9:121:10 | (const char *)... |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:121:9:121:10 | (const char *)... |
+| argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:15:117:16 | i3 |
+| argvLocal.c:115:13:115:16 | argv | argvLocal.c:117:15:117:16 | i3 |
+| argvLocal.c:115:13:115:16 | argv | argvLocal.c:121:9:121:10 | i4 |
+| argvLocal.c:115:13:115:16 | argv | argvLocal.c:121:9:121:10 | i4 |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:121:9:121:10 | i4 |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:121:9:121:10 | i4 |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:121:9:121:10 | i4 |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:121:9:121:10 | i4 |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:121:9:121:10 | i4 indirection |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:121:9:121:10 | i4 indirection |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:15:122:16 | i4 |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:15:122:16 | i4 |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:15:122:16 | i4 |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:15:122:16 | i4 |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:15:122:16 | i4 indirection |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:15:122:16 | i4 indirection |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:15:122:16 | i4 indirection |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:122:15:122:16 | i4 indirection |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:135:9:135:10 | i4 |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:135:9:135:10 | i4 |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:135:9:135:12 | (const char *)... |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:135:9:135:12 | (const char *)... |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:135:9:135:12 | ... ++ |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:135:9:135:12 | ... ++ |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:135:9:135:12 | ... ++ |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:135:9:135:12 | ... ++ |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:135:9:135:12 | ... ++ indirection |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:135:9:135:12 | ... ++ indirection |
+| argvLocal.c:115:13:115:16 | argv | argvLocal.c:135:9:135:12 | ... ++ |
+| argvLocal.c:115:13:115:16 | argv | argvLocal.c:135:9:135:12 | ... ++ |
+| argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:15:136:18 | -- ... |
+| argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:15:136:18 | -- ... |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:15:136:18 | -- ... |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:15:136:18 | -- ... |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:15:136:18 | -- ... |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:15:136:18 | -- ... |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:15:136:18 | -- ... indirection |
-| argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:15:136:18 | -- ... indirection |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:17:136:18 | i4 |
 | argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:17:136:18 | i4 |
-| argvLocal.c:117:15:117:16 | i3 indirection | argvLocal.c:9:25:9:31 | *correct |
-| argvLocal.c:117:15:117:16 | i3 indirection | argvLocal.c:117:15:117:16 | printWrapper output argument |
-| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:121:9:121:10 | (const char *)... |
-| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:121:9:121:10 | i4 |
-| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:121:9:121:10 | i4 |
-| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:121:9:121:10 | i4 indirection |
-| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:122:15:122:16 | i4 |
-| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:122:15:122:16 | i4 |
-| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:122:15:122:16 | i4 indirection |
-| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:122:15:122:16 | i4 indirection |
-| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:135:9:135:10 | i4 |
-| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:135:9:135:12 | (const char *)... |
-| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:135:9:135:12 | ... ++ |
-| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:135:9:135:12 | ... ++ |
-| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:135:9:135:12 | ... ++ indirection |
-| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:136:15:136:18 | -- ... |
-| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:136:15:136:18 | -- ... |
-| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:136:15:136:18 | -- ... indirection |
-| argvLocal.c:117:15:117:16 | printWrapper output argument | argvLocal.c:136:17:136:18 | i4 |
-| argvLocal.c:122:15:122:16 | i4 indirection | argvLocal.c:9:25:9:31 | *correct |
-| argvLocal.c:122:15:122:16 | i4 indirection | argvLocal.c:122:15:122:16 | printWrapper output argument |
-| argvLocal.c:122:15:122:16 | printWrapper output argument | argvLocal.c:135:9:135:10 | i4 |
-| argvLocal.c:122:15:122:16 | printWrapper output argument | argvLocal.c:135:9:135:12 | (const char *)... |
-| argvLocal.c:122:15:122:16 | printWrapper output argument | argvLocal.c:135:9:135:12 | ... ++ |
-| argvLocal.c:122:15:122:16 | printWrapper output argument | argvLocal.c:135:9:135:12 | ... ++ |
-| argvLocal.c:122:15:122:16 | printWrapper output argument | argvLocal.c:135:9:135:12 | ... ++ indirection |
-| argvLocal.c:122:15:122:16 | printWrapper output argument | argvLocal.c:136:15:136:18 | -- ... |
-| argvLocal.c:122:15:122:16 | printWrapper output argument | argvLocal.c:136:15:136:18 | -- ... |
-| argvLocal.c:122:15:122:16 | printWrapper output argument | argvLocal.c:136:15:136:18 | -- ... indirection |
-| argvLocal.c:122:15:122:16 | printWrapper output argument | argvLocal.c:136:17:136:18 | i4 |
-| argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | (const char *)... |
-| argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | (const char *)... |
+| argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | array to pointer conversion |
+| argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | array to pointer conversion |
+| argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | i5 |
+| argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | i5 |
 | argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | i5 |
 | argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | i5 |
-| argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | i5 indirection |
-| argvLocal.c:126:10:126:13 | argv | argvLocal.c:127:9:127:10 | i5 indirection |
-| argvLocal.c:126:10:126:13 | argv | argvLocal.c:128:15:128:16 | array to pointer conversion |
-| argvLocal.c:126:10:126:13 | argv | argvLocal.c:128:15:128:16 | array to pointer conversion |
 | argvLocal.c:126:10:126:13 | argv | argvLocal.c:128:15:128:16 | i5 |
 | argvLocal.c:126:10:126:13 | argv | argvLocal.c:128:15:128:16 | i5 |
-| argvLocal.c:126:10:126:13 | argv | argvLocal.c:128:15:128:16 | i5 indirection |
-| argvLocal.c:126:10:126:13 | argv | argvLocal.c:128:15:128:16 | i5 indirection |
-| argvLocal.c:126:10:126:13 | argv | argvLocal.c:128:15:128:16 | i5 indirection |
-| argvLocal.c:126:10:126:13 | argv | argvLocal.c:128:15:128:16 | i5 indirection |
-| argvLocal.c:126:10:126:13 | argv | argvLocal.c:131:9:131:14 | (const char *)... |
-| argvLocal.c:126:10:126:13 | argv | argvLocal.c:131:9:131:14 | (const char *)... |
+| argvLocal.c:126:10:126:13 | argv | argvLocal.c:128:15:128:16 | i5 |
+| argvLocal.c:126:10:126:13 | argv | argvLocal.c:128:15:128:16 | i5 |
+| argvLocal.c:126:10:126:13 | argv | argvLocal.c:131:9:131:14 | ... + ... |
+| argvLocal.c:126:10:126:13 | argv | argvLocal.c:131:9:131:14 | ... + ... |
+| argvLocal.c:126:10:126:13 | argv | argvLocal.c:131:9:131:14 | ... + ... |
+| argvLocal.c:126:10:126:13 | argv | argvLocal.c:131:9:131:14 | ... + ... |
 | argvLocal.c:126:10:126:13 | argv | argvLocal.c:131:9:131:14 | ... + ... |
 | argvLocal.c:126:10:126:13 | argv | argvLocal.c:131:9:131:14 | ... + ... |
-| argvLocal.c:126:10:126:13 | argv | argvLocal.c:131:9:131:14 | ... + ... indirection |
-| argvLocal.c:126:10:126:13 | argv | argvLocal.c:131:9:131:14 | ... + ... indirection |
 | argvLocal.c:126:10:126:13 | argv | argvLocal.c:132:15:132:20 | ... + ... |
 | argvLocal.c:126:10:126:13 | argv | argvLocal.c:132:15:132:20 | ... + ... |
 | argvLocal.c:126:10:126:13 | argv | argvLocal.c:132:15:132:20 | ... + ... |
 | argvLocal.c:126:10:126:13 | argv | argvLocal.c:132:15:132:20 | ... + ... |
-| argvLocal.c:126:10:126:13 | argv | argvLocal.c:132:15:132:20 | ... + ... indirection |
-| argvLocal.c:126:10:126:13 | argv | argvLocal.c:132:15:132:20 | ... + ... indirection |
-| argvLocal.c:128:15:128:16 | i5 indirection | argvLocal.c:9:25:9:31 | *correct |
-| argvLocal.c:128:15:128:16 | i5 indirection | argvLocal.c:128:15:128:16 | printWrapper output argument |
-| argvLocal.c:128:15:128:16 | printWrapper output argument | argvLocal.c:131:9:131:14 | (const char *)... |
-| argvLocal.c:128:15:128:16 | printWrapper output argument | argvLocal.c:131:9:131:14 | ... + ... |
-| argvLocal.c:128:15:128:16 | printWrapper output argument | argvLocal.c:131:9:131:14 | ... + ... indirection |
-| argvLocal.c:128:15:128:16 | printWrapper output argument | argvLocal.c:132:15:132:20 | ... + ... |
-| argvLocal.c:128:15:128:16 | printWrapper output argument | argvLocal.c:132:15:132:20 | ... + ... |
-| argvLocal.c:128:15:128:16 | printWrapper output argument | argvLocal.c:132:15:132:20 | ... + ... indirection |
-| argvLocal.c:149:11:149:14 | argv | argvLocal.c:150:9:150:10 | (const char *)... |
-| argvLocal.c:149:11:149:14 | argv | argvLocal.c:150:9:150:10 | (const char *)... |
+| argvLocal.c:126:10:126:13 | argv | argvLocal.c:139:9:139:26 | ... ? ... : ... |
+| argvLocal.c:126:10:126:13 | argv | argvLocal.c:139:9:139:26 | ... ? ... : ... |
+| argvLocal.c:126:10:126:13 | argv | argvLocal.c:139:9:139:26 | ... ? ... : ... |
+| argvLocal.c:126:10:126:13 | argv | argvLocal.c:139:9:139:26 | ... ? ... : ... |
+| argvLocal.c:126:10:126:13 | argv | argvLocal.c:139:9:139:26 | ... ? ... : ... |
+| argvLocal.c:126:10:126:13 | argv | argvLocal.c:139:9:139:26 | ... ? ... : ... |
+| argvLocal.c:126:10:126:13 | argv | argvLocal.c:140:15:140:32 | ... ? ... : ... |
+| argvLocal.c:126:10:126:13 | argv | argvLocal.c:140:15:140:32 | ... ? ... : ... |
+| argvLocal.c:126:10:126:13 | argv | argvLocal.c:140:15:140:32 | ... ? ... : ... |
+| argvLocal.c:126:10:126:13 | argv | argvLocal.c:140:15:140:32 | ... ? ... : ... |
+| argvLocal.c:149:11:149:14 | argv | argvLocal.c:150:9:150:10 | i8 |
+| argvLocal.c:149:11:149:14 | argv | argvLocal.c:150:9:150:10 | i8 |
 | argvLocal.c:149:11:149:14 | argv | argvLocal.c:150:9:150:10 | i8 |
 | argvLocal.c:149:11:149:14 | argv | argvLocal.c:150:9:150:10 | i8 |
 | argvLocal.c:149:11:149:14 | argv | argvLocal.c:150:9:150:10 | i8 |
 | argvLocal.c:149:11:149:14 | argv | argvLocal.c:150:9:150:10 | i8 |
-| argvLocal.c:149:11:149:14 | argv | argvLocal.c:150:9:150:10 | i8 indirection |
-| argvLocal.c:149:11:149:14 | argv | argvLocal.c:150:9:150:10 | i8 indirection |
 | argvLocal.c:149:11:149:14 | argv | argvLocal.c:151:15:151:16 | i8 |
 | argvLocal.c:149:11:149:14 | argv | argvLocal.c:151:15:151:16 | i8 |
 | argvLocal.c:149:11:149:14 | argv | argvLocal.c:151:15:151:16 | i8 |
 | argvLocal.c:149:11:149:14 | argv | argvLocal.c:151:15:151:16 | i8 |
-| argvLocal.c:149:11:149:14 | argv | argvLocal.c:151:15:151:16 | i8 indirection |
-| argvLocal.c:149:11:149:14 | argv | argvLocal.c:151:15:151:16 | i8 indirection |
-| argvLocal.c:156:23:156:26 | argv | argvLocal.c:157:9:157:10 | (const char *)... |
-| argvLocal.c:156:23:156:26 | argv | argvLocal.c:157:9:157:10 | (const char *)... |
-| argvLocal.c:156:23:156:26 | argv | argvLocal.c:157:9:157:10 | i9 |
-| argvLocal.c:156:23:156:26 | argv | argvLocal.c:157:9:157:10 | i9 |
-| argvLocal.c:156:23:156:26 | argv | argvLocal.c:157:9:157:10 | i9 indirection |
-| argvLocal.c:156:23:156:26 | argv | argvLocal.c:157:9:157:10 | i9 indirection |
-| argvLocal.c:156:23:156:26 | argv | argvLocal.c:158:15:158:16 | i9 |
-| argvLocal.c:156:23:156:26 | argv | argvLocal.c:158:15:158:16 | i9 |
-| argvLocal.c:156:23:156:26 | argv | argvLocal.c:158:15:158:16 | i9 |
-| argvLocal.c:156:23:156:26 | argv | argvLocal.c:158:15:158:16 | i9 |
-| argvLocal.c:156:23:156:26 | argv | argvLocal.c:158:15:158:16 | i9 indirection |
-| argvLocal.c:156:23:156:26 | argv | argvLocal.c:158:15:158:16 | i9 indirection |
-| argvLocal.c:163:22:163:25 | argv | argvLocal.c:164:9:164:11 | (const char *)... |
-| argvLocal.c:163:22:163:25 | argv | argvLocal.c:164:9:164:11 | (const char *)... |
-| argvLocal.c:163:22:163:25 | argv | argvLocal.c:164:9:164:11 | i91 |
-| argvLocal.c:163:22:163:25 | argv | argvLocal.c:164:9:164:11 | i91 |
-| argvLocal.c:163:22:163:25 | argv | argvLocal.c:164:9:164:11 | i91 indirection |
-| argvLocal.c:163:22:163:25 | argv | argvLocal.c:164:9:164:11 | i91 indirection |
-| argvLocal.c:163:22:163:25 | argv | argvLocal.c:165:15:165:17 | i91 |
-| argvLocal.c:163:22:163:25 | argv | argvLocal.c:165:15:165:17 | i91 |
-| argvLocal.c:163:22:163:25 | argv | argvLocal.c:165:15:165:17 | i91 |
-| argvLocal.c:163:22:163:25 | argv | argvLocal.c:165:15:165:17 | i91 |
-| argvLocal.c:163:22:163:25 | argv | argvLocal.c:165:15:165:17 | i91 indirection |
-| argvLocal.c:163:22:163:25 | argv | argvLocal.c:165:15:165:17 | i91 indirection |
 | argvLocal.c:168:18:168:21 | argv | argvLocal.c:169:9:169:20 | (char *)... |
 | argvLocal.c:168:18:168:21 | argv | argvLocal.c:169:9:169:20 | (char *)... |
-| argvLocal.c:168:18:168:21 | argv | argvLocal.c:169:9:169:20 | (const char *)... |
-| argvLocal.c:168:18:168:21 | argv | argvLocal.c:169:9:169:20 | (const char *)... |
-| argvLocal.c:168:18:168:21 | argv | argvLocal.c:169:9:169:20 | i10 indirection |
-| argvLocal.c:168:18:168:21 | argv | argvLocal.c:169:9:169:20 | i10 indirection |
+| argvLocal.c:168:18:168:21 | argv | argvLocal.c:169:9:169:20 | i10 |
+| argvLocal.c:168:18:168:21 | argv | argvLocal.c:169:9:169:20 | i10 |
 | argvLocal.c:168:18:168:21 | argv | argvLocal.c:169:18:169:20 | i10 |
 | argvLocal.c:168:18:168:21 | argv | argvLocal.c:169:18:169:20 | i10 |
 | argvLocal.c:168:18:168:21 | argv | argvLocal.c:169:18:169:20 | i10 |
 | argvLocal.c:168:18:168:21 | argv | argvLocal.c:169:18:169:20 | i10 |
-| argvLocal.c:168:18:168:21 | argv | argvLocal.c:170:15:170:26 | (char *)... |
-| argvLocal.c:168:18:168:21 | argv | argvLocal.c:170:15:170:26 | (char *)... |
-| argvLocal.c:168:18:168:21 | argv | argvLocal.c:170:15:170:26 | i10 indirection |
-| argvLocal.c:168:18:168:21 | argv | argvLocal.c:170:15:170:26 | i10 indirection |
+| argvLocal.c:168:18:168:21 | argv | argvLocal.c:170:15:170:26 | i10 |
+| argvLocal.c:168:18:168:21 | argv | argvLocal.c:170:15:170:26 | i10 |
 | argvLocal.c:168:18:168:21 | argv | argvLocal.c:170:24:170:26 | i10 |
 | argvLocal.c:168:18:168:21 | argv | argvLocal.c:170:24:170:26 | i10 |
 | argvLocal.c:168:18:168:21 | argv | argvLocal.c:170:24:170:26 | i10 |
 | argvLocal.c:168:18:168:21 | argv | argvLocal.c:170:24:170:26 | i10 |
 subpaths
-| argvLocal.c:102:15:102:16 | i1 indirection | argvLocal.c:9:25:9:31 | *correct | argvLocal.c:9:25:9:31 | ReturnIndirection | argvLocal.c:102:15:102:16 | printWrapper output argument |
-| argvLocal.c:107:15:107:19 | access to array indirection | argvLocal.c:9:25:9:31 | *correct | argvLocal.c:9:25:9:31 | ReturnIndirection | argvLocal.c:107:15:107:19 | printWrapper output argument |
-| argvLocal.c:117:15:117:16 | i3 indirection | argvLocal.c:9:25:9:31 | *correct | argvLocal.c:9:25:9:31 | ReturnIndirection | argvLocal.c:117:15:117:16 | printWrapper output argument |
-| argvLocal.c:122:15:122:16 | i4 indirection | argvLocal.c:9:25:9:31 | *correct | argvLocal.c:9:25:9:31 | ReturnIndirection | argvLocal.c:122:15:122:16 | printWrapper output argument |
-| argvLocal.c:128:15:128:16 | i5 indirection | argvLocal.c:9:25:9:31 | *correct | argvLocal.c:9:25:9:31 | ReturnIndirection | argvLocal.c:128:15:128:16 | printWrapper output argument |
 nodes
-| argvLocal.c:9:25:9:31 | *correct | semmle.label | *correct |
-| argvLocal.c:9:25:9:31 | ReturnIndirection | semmle.label | ReturnIndirection |
 | argvLocal.c:95:9:95:12 | argv | semmle.label | argv |
 | argvLocal.c:95:9:95:12 | argv | semmle.label | argv |
-| argvLocal.c:95:9:95:15 | (const char *)... | semmle.label | (const char *)... |
-| argvLocal.c:95:9:95:15 | (const char *)... | semmle.label | (const char *)... |
 | argvLocal.c:95:9:95:15 | access to array | semmle.label | access to array |
 | argvLocal.c:95:9:95:15 | access to array | semmle.label | access to array |
 | argvLocal.c:95:9:95:15 | access to array | semmle.label | access to array |
-| argvLocal.c:95:9:95:15 | access to array indirection | semmle.label | access to array indirection |
-| argvLocal.c:95:9:95:15 | access to array indirection | semmle.label | access to array indirection |
+| argvLocal.c:95:9:95:15 | access to array | semmle.label | access to array |
+| argvLocal.c:95:9:95:15 | access to array | semmle.label | access to array |
 | argvLocal.c:96:15:96:18 | argv | semmle.label | argv |
 | argvLocal.c:96:15:96:18 | argv | semmle.label | argv |
 | argvLocal.c:96:15:96:21 | access to array | semmle.label | access to array |
 | argvLocal.c:96:15:96:21 | access to array | semmle.label | access to array |
 | argvLocal.c:96:15:96:21 | access to array | semmle.label | access to array |
-| argvLocal.c:96:15:96:21 | access to array indirection | semmle.label | access to array indirection |
-| argvLocal.c:96:15:96:21 | access to array indirection | semmle.label | access to array indirection |
 | argvLocal.c:100:7:100:10 | argv | semmle.label | argv |
 | argvLocal.c:100:7:100:10 | argv | semmle.label | argv |
-| argvLocal.c:101:9:101:10 | (const char *)... | semmle.label | (const char *)... |
-| argvLocal.c:101:9:101:10 | (const char *)... | semmle.label | (const char *)... |
 | argvLocal.c:101:9:101:10 | i1 | semmle.label | i1 |
 | argvLocal.c:101:9:101:10 | i1 | semmle.label | i1 |
 | argvLocal.c:101:9:101:10 | i1 | semmle.label | i1 |
-| argvLocal.c:101:9:101:10 | i1 indirection | semmle.label | i1 indirection |
-| argvLocal.c:101:9:101:10 | i1 indirection | semmle.label | i1 indirection |
+| argvLocal.c:101:9:101:10 | i1 | semmle.label | i1 |
+| argvLocal.c:101:9:101:10 | i1 | semmle.label | i1 |
 | argvLocal.c:102:15:102:16 | i1 | semmle.label | i1 |
 | argvLocal.c:102:15:102:16 | i1 | semmle.label | i1 |
 | argvLocal.c:102:15:102:16 | i1 | semmle.label | i1 |
-| argvLocal.c:102:15:102:16 | i1 indirection | semmle.label | i1 indirection |
-| argvLocal.c:102:15:102:16 | i1 indirection | semmle.label | i1 indirection |
-| argvLocal.c:102:15:102:16 | printWrapper output argument | semmle.label | printWrapper output argument |
 | argvLocal.c:105:14:105:17 | argv | semmle.label | argv |
 | argvLocal.c:105:14:105:17 | argv | semmle.label | argv |
-| argvLocal.c:106:9:106:13 | (const char *)... | semmle.label | (const char *)... |
-| argvLocal.c:106:9:106:13 | (const char *)... | semmle.label | (const char *)... |
 | argvLocal.c:106:9:106:13 | access to array | semmle.label | access to array |
 | argvLocal.c:106:9:106:13 | access to array | semmle.label | access to array |
 | argvLocal.c:106:9:106:13 | access to array | semmle.label | access to array |
-| argvLocal.c:106:9:106:13 | access to array indirection | semmle.label | access to array indirection |
-| argvLocal.c:106:9:106:13 | access to array indirection | semmle.label | access to array indirection |
+| argvLocal.c:106:9:106:13 | access to array | semmle.label | access to array |
+| argvLocal.c:106:9:106:13 | access to array | semmle.label | access to array |
 | argvLocal.c:107:15:107:19 | access to array | semmle.label | access to array |
 | argvLocal.c:107:15:107:19 | access to array | semmle.label | access to array |
 | argvLocal.c:107:15:107:19 | access to array | semmle.label | access to array |
-| argvLocal.c:107:15:107:19 | access to array indirection | semmle.label | access to array indirection |
-| argvLocal.c:107:15:107:19 | access to array indirection | semmle.label | access to array indirection |
-| argvLocal.c:107:15:107:19 | printWrapper output argument | semmle.label | printWrapper output argument |
-| argvLocal.c:110:9:110:11 | (const char *)... | semmle.label | (const char *)... |
-| argvLocal.c:110:9:110:11 | (const char *)... | semmle.label | (const char *)... |
 | argvLocal.c:110:9:110:11 | * ... | semmle.label | * ... |
 | argvLocal.c:110:9:110:11 | * ... | semmle.label | * ... |
 | argvLocal.c:110:9:110:11 | * ... | semmle.label | * ... |
-| argvLocal.c:110:9:110:11 | * ... indirection | semmle.label | * ... indirection |
-| argvLocal.c:110:9:110:11 | * ... indirection | semmle.label | * ... indirection |
 | argvLocal.c:111:15:111:17 | * ... | semmle.label | * ... |
 | argvLocal.c:111:15:111:17 | * ... | semmle.label | * ... |
 | argvLocal.c:111:15:111:17 | * ... | semmle.label | * ... |
-| argvLocal.c:111:15:111:17 | * ... indirection | semmle.label | * ... indirection |
-| argvLocal.c:111:15:111:17 | * ... indirection | semmle.label | * ... indirection |
 | argvLocal.c:115:13:115:16 | argv | semmle.label | argv |
 | argvLocal.c:115:13:115:16 | argv | semmle.label | argv |
-| argvLocal.c:116:9:116:10 | (const char *)... | semmle.label | (const char *)... |
-| argvLocal.c:116:9:116:10 | (const char *)... | semmle.label | (const char *)... |
+| argvLocal.c:116:9:116:10 | array to pointer conversion | semmle.label | array to pointer conversion |
+| argvLocal.c:116:9:116:10 | array to pointer conversion | semmle.label | array to pointer conversion |
+| argvLocal.c:116:9:116:10 | i3 | semmle.label | i3 |
+| argvLocal.c:116:9:116:10 | i3 | semmle.label | i3 |
 | argvLocal.c:116:9:116:10 | i3 | semmle.label | i3 |
-| argvLocal.c:116:9:116:10 | i3 indirection | semmle.label | i3 indirection |
-| argvLocal.c:116:9:116:10 | i3 indirection | semmle.label | i3 indirection |
-| argvLocal.c:117:15:117:16 | array to pointer conversion | semmle.label | array to pointer conversion |
-| argvLocal.c:117:15:117:16 | array to pointer conversion | semmle.label | array to pointer conversion |
 | argvLocal.c:117:15:117:16 | i3 | semmle.label | i3 |
-| argvLocal.c:117:15:117:16 | i3 indirection | semmle.label | i3 indirection |
-| argvLocal.c:117:15:117:16 | i3 indirection | semmle.label | i3 indirection |
-| argvLocal.c:117:15:117:16 | printWrapper output argument | semmle.label | printWrapper output argument |
-| argvLocal.c:121:9:121:10 | (const char *)... | semmle.label | (const char *)... |
-| argvLocal.c:121:9:121:10 | (const char *)... | semmle.label | (const char *)... |
+| argvLocal.c:117:15:117:16 | i3 | semmle.label | i3 |
+| argvLocal.c:117:15:117:16 | i3 | semmle.label | i3 |
+| argvLocal.c:121:9:121:10 | i4 | semmle.label | i4 |
+| argvLocal.c:121:9:121:10 | i4 | semmle.label | i4 |
 | argvLocal.c:121:9:121:10 | i4 | semmle.label | i4 |
 | argvLocal.c:121:9:121:10 | i4 | semmle.label | i4 |
 | argvLocal.c:121:9:121:10 | i4 | semmle.label | i4 |
-| argvLocal.c:121:9:121:10 | i4 indirection | semmle.label | i4 indirection |
-| argvLocal.c:121:9:121:10 | i4 indirection | semmle.label | i4 indirection |
 | argvLocal.c:122:15:122:16 | i4 | semmle.label | i4 |
 | argvLocal.c:122:15:122:16 | i4 | semmle.label | i4 |
 | argvLocal.c:122:15:122:16 | i4 | semmle.label | i4 |
-| argvLocal.c:122:15:122:16 | i4 indirection | semmle.label | i4 indirection |
-| argvLocal.c:122:15:122:16 | i4 indirection | semmle.label | i4 indirection |
-| argvLocal.c:122:15:122:16 | printWrapper output argument | semmle.label | printWrapper output argument |
 | argvLocal.c:126:10:126:13 | argv | semmle.label | argv |
 | argvLocal.c:126:10:126:13 | argv | semmle.label | argv |
-| argvLocal.c:127:9:127:10 | (const char *)... | semmle.label | (const char *)... |
-| argvLocal.c:127:9:127:10 | (const char *)... | semmle.label | (const char *)... |
+| argvLocal.c:127:9:127:10 | array to pointer conversion | semmle.label | array to pointer conversion |
+| argvLocal.c:127:9:127:10 | array to pointer conversion | semmle.label | array to pointer conversion |
+| argvLocal.c:127:9:127:10 | i5 | semmle.label | i5 |
+| argvLocal.c:127:9:127:10 | i5 | semmle.label | i5 |
 | argvLocal.c:127:9:127:10 | i5 | semmle.label | i5 |
-| argvLocal.c:127:9:127:10 | i5 indirection | semmle.label | i5 indirection |
-| argvLocal.c:127:9:127:10 | i5 indirection | semmle.label | i5 indirection |
-| argvLocal.c:128:15:128:16 | array to pointer conversion | semmle.label | array to pointer conversion |
-| argvLocal.c:128:15:128:16 | array to pointer conversion | semmle.label | array to pointer conversion |
 | argvLocal.c:128:15:128:16 | i5 | semmle.label | i5 |
-| argvLocal.c:128:15:128:16 | i5 indirection | semmle.label | i5 indirection |
-| argvLocal.c:128:15:128:16 | i5 indirection | semmle.label | i5 indirection |
-| argvLocal.c:128:15:128:16 | printWrapper output argument | semmle.label | printWrapper output argument |
-| argvLocal.c:131:9:131:14 | (const char *)... | semmle.label | (const char *)... |
-| argvLocal.c:131:9:131:14 | (const char *)... | semmle.label | (const char *)... |
+| argvLocal.c:128:15:128:16 | i5 | semmle.label | i5 |
+| argvLocal.c:128:15:128:16 | i5 | semmle.label | i5 |
+| argvLocal.c:131:9:131:14 | ... + ... | semmle.label | ... + ... |
+| argvLocal.c:131:9:131:14 | ... + ... | semmle.label | ... + ... |
+| argvLocal.c:131:9:131:14 | ... + ... | semmle.label | ... + ... |
+| argvLocal.c:131:9:131:14 | ... + ... | semmle.label | ... + ... |
 | argvLocal.c:131:9:131:14 | ... + ... | semmle.label | ... + ... |
-| argvLocal.c:131:9:131:14 | ... + ... indirection | semmle.label | ... + ... indirection |
-| argvLocal.c:131:9:131:14 | ... + ... indirection | semmle.label | ... + ... indirection |
 | argvLocal.c:132:15:132:20 | ... + ... | semmle.label | ... + ... |
 | argvLocal.c:132:15:132:20 | ... + ... | semmle.label | ... + ... |
 | argvLocal.c:132:15:132:20 | ... + ... | semmle.label | ... + ... |
-| argvLocal.c:132:15:132:20 | ... + ... indirection | semmle.label | ... + ... indirection |
-| argvLocal.c:132:15:132:20 | ... + ... indirection | semmle.label | ... + ... indirection |
 | argvLocal.c:135:9:135:10 | i4 | semmle.label | i4 |
 | argvLocal.c:135:9:135:10 | i4 | semmle.label | i4 |
-| argvLocal.c:135:9:135:12 | (const char *)... | semmle.label | (const char *)... |
-| argvLocal.c:135:9:135:12 | (const char *)... | semmle.label | (const char *)... |
 | argvLocal.c:135:9:135:12 | ... ++ | semmle.label | ... ++ |
 | argvLocal.c:135:9:135:12 | ... ++ | semmle.label | ... ++ |
 | argvLocal.c:135:9:135:12 | ... ++ | semmle.label | ... ++ |
-| argvLocal.c:135:9:135:12 | ... ++ indirection | semmle.label | ... ++ indirection |
-| argvLocal.c:135:9:135:12 | ... ++ indirection | semmle.label | ... ++ indirection |
+| argvLocal.c:135:9:135:12 | ... ++ | semmle.label | ... ++ |
+| argvLocal.c:135:9:135:12 | ... ++ | semmle.label | ... ++ |
+| argvLocal.c:136:15:136:18 | -- ... | semmle.label | -- ... |
+| argvLocal.c:136:15:136:18 | -- ... | semmle.label | -- ... |
 | argvLocal.c:136:15:136:18 | -- ... | semmle.label | -- ... |
 | argvLocal.c:136:15:136:18 | -- ... | semmle.label | -- ... |
 | argvLocal.c:136:15:136:18 | -- ... | semmle.label | -- ... |
-| argvLocal.c:136:15:136:18 | -- ... indirection | semmle.label | -- ... indirection |
-| argvLocal.c:136:15:136:18 | -- ... indirection | semmle.label | -- ... indirection |
 | argvLocal.c:136:17:136:18 | i4 | semmle.label | i4 |
 | argvLocal.c:136:17:136:18 | i4 | semmle.label | i4 |
-| argvLocal.c:144:9:144:10 | (const char *)... | semmle.label | (const char *)... |
-| argvLocal.c:144:9:144:10 | (const char *)... | semmle.label | (const char *)... |
+| argvLocal.c:139:9:139:26 | ... ? ... : ... | semmle.label | ... ? ... : ... |
+| argvLocal.c:139:9:139:26 | ... ? ... : ... | semmle.label | ... ? ... : ... |
+| argvLocal.c:139:9:139:26 | ... ? ... : ... | semmle.label | ... ? ... : ... |
+| argvLocal.c:139:9:139:26 | ... ? ... : ... | semmle.label | ... ? ... : ... |
+| argvLocal.c:139:9:139:26 | ... ? ... : ... | semmle.label | ... ? ... : ... |
+| argvLocal.c:140:15:140:32 | ... ? ... : ... | semmle.label | ... ? ... : ... |
+| argvLocal.c:140:15:140:32 | ... ? ... : ... | semmle.label | ... ? ... : ... |
+| argvLocal.c:140:15:140:32 | ... ? ... : ... | semmle.label | ... ? ... : ... |
+| argvLocal.c:144:9:144:10 | i7 | semmle.label | i7 |
+| argvLocal.c:144:9:144:10 | i7 | semmle.label | i7 |
 | argvLocal.c:144:9:144:10 | i7 | semmle.label | i7 |
 | argvLocal.c:144:9:144:10 | i7 | semmle.label | i7 |
 | argvLocal.c:144:9:144:10 | i7 | semmle.label | i7 |
-| argvLocal.c:144:9:144:10 | i7 indirection | semmle.label | i7 indirection |
-| argvLocal.c:144:9:144:10 | i7 indirection | semmle.label | i7 indirection |
 | argvLocal.c:145:15:145:16 | i7 | semmle.label | i7 |
 | argvLocal.c:145:15:145:16 | i7 | semmle.label | i7 |
 | argvLocal.c:145:15:145:16 | i7 | semmle.label | i7 |
-| argvLocal.c:145:15:145:16 | i7 indirection | semmle.label | i7 indirection |
-| argvLocal.c:145:15:145:16 | i7 indirection | semmle.label | i7 indirection |
 | argvLocal.c:149:11:149:14 | argv | semmle.label | argv |
 | argvLocal.c:149:11:149:14 | argv | semmle.label | argv |
-| argvLocal.c:150:9:150:10 | (const char *)... | semmle.label | (const char *)... |
-| argvLocal.c:150:9:150:10 | (const char *)... | semmle.label | (const char *)... |
 | argvLocal.c:150:9:150:10 | i8 | semmle.label | i8 |
 | argvLocal.c:150:9:150:10 | i8 | semmle.label | i8 |
 | argvLocal.c:150:9:150:10 | i8 | semmle.label | i8 |
-| argvLocal.c:150:9:150:10 | i8 indirection | semmle.label | i8 indirection |
-| argvLocal.c:150:9:150:10 | i8 indirection | semmle.label | i8 indirection |
+| argvLocal.c:150:9:150:10 | i8 | semmle.label | i8 |
+| argvLocal.c:150:9:150:10 | i8 | semmle.label | i8 |
 | argvLocal.c:151:15:151:16 | i8 | semmle.label | i8 |
 | argvLocal.c:151:15:151:16 | i8 | semmle.label | i8 |
 | argvLocal.c:151:15:151:16 | i8 | semmle.label | i8 |
-| argvLocal.c:151:15:151:16 | i8 indirection | semmle.label | i8 indirection |
-| argvLocal.c:151:15:151:16 | i8 indirection | semmle.label | i8 indirection |
-| argvLocal.c:156:23:156:26 | argv | semmle.label | argv |
-| argvLocal.c:156:23:156:26 | argv | semmle.label | argv |
-| argvLocal.c:157:9:157:10 | (const char *)... | semmle.label | (const char *)... |
-| argvLocal.c:157:9:157:10 | (const char *)... | semmle.label | (const char *)... |
-| argvLocal.c:157:9:157:10 | i9 | semmle.label | i9 |
-| argvLocal.c:157:9:157:10 | i9 indirection | semmle.label | i9 indirection |
-| argvLocal.c:157:9:157:10 | i9 indirection | semmle.label | i9 indirection |
-| argvLocal.c:158:15:158:16 | i9 | semmle.label | i9 |
-| argvLocal.c:158:15:158:16 | i9 | semmle.label | i9 |
-| argvLocal.c:158:15:158:16 | i9 | semmle.label | i9 |
-| argvLocal.c:158:15:158:16 | i9 indirection | semmle.label | i9 indirection |
-| argvLocal.c:158:15:158:16 | i9 indirection | semmle.label | i9 indirection |
-| argvLocal.c:163:22:163:25 | argv | semmle.label | argv |
-| argvLocal.c:163:22:163:25 | argv | semmle.label | argv |
-| argvLocal.c:164:9:164:11 | (const char *)... | semmle.label | (const char *)... |
-| argvLocal.c:164:9:164:11 | (const char *)... | semmle.label | (const char *)... |
-| argvLocal.c:164:9:164:11 | i91 | semmle.label | i91 |
-| argvLocal.c:164:9:164:11 | i91 indirection | semmle.label | i91 indirection |
-| argvLocal.c:164:9:164:11 | i91 indirection | semmle.label | i91 indirection |
-| argvLocal.c:165:15:165:17 | i91 | semmle.label | i91 |
-| argvLocal.c:165:15:165:17 | i91 | semmle.label | i91 |
-| argvLocal.c:165:15:165:17 | i91 | semmle.label | i91 |
-| argvLocal.c:165:15:165:17 | i91 indirection | semmle.label | i91 indirection |
-| argvLocal.c:165:15:165:17 | i91 indirection | semmle.label | i91 indirection |
 | argvLocal.c:168:18:168:21 | argv | semmle.label | argv |
 | argvLocal.c:168:18:168:21 | argv | semmle.label | argv |
 | argvLocal.c:169:9:169:20 | (char *)... | semmle.label | (char *)... |
 | argvLocal.c:169:9:169:20 | (char *)... | semmle.label | (char *)... |
-| argvLocal.c:169:9:169:20 | (const char *)... | semmle.label | (const char *)... |
-| argvLocal.c:169:9:169:20 | (const char *)... | semmle.label | (const char *)... |
-| argvLocal.c:169:9:169:20 | i10 indirection | semmle.label | i10 indirection |
-| argvLocal.c:169:9:169:20 | i10 indirection | semmle.label | i10 indirection |
+| argvLocal.c:169:9:169:20 | i10 | semmle.label | i10 |
+| argvLocal.c:169:9:169:20 | i10 | semmle.label | i10 |
 | argvLocal.c:169:18:169:20 | i10 | semmle.label | i10 |
 | argvLocal.c:169:18:169:20 | i10 | semmle.label | i10 |
 | argvLocal.c:169:18:169:20 | i10 | semmle.label | i10 |
-| argvLocal.c:170:15:170:26 | (char *)... | semmle.label | (char *)... |
-| argvLocal.c:170:15:170:26 | (char *)... | semmle.label | (char *)... |
-| argvLocal.c:170:15:170:26 | i10 indirection | semmle.label | i10 indirection |
-| argvLocal.c:170:15:170:26 | i10 indirection | semmle.label | i10 indirection |
+| argvLocal.c:170:15:170:26 | i10 | semmle.label | i10 |
+| argvLocal.c:170:15:170:26 | i10 | semmle.label | i10 |
 | argvLocal.c:170:24:170:26 | i10 | semmle.label | i10 |
 | argvLocal.c:170:24:170:26 | i10 | semmle.label | i10 |
 | argvLocal.c:170:24:170:26 | i10 | semmle.label | i10 |
@@ -479,13 +286,11 @@ nodes
 | argvLocal.c:132:15:132:20 | ... + ... | argvLocal.c:126:10:126:13 | argv | argvLocal.c:132:15:132:20 | ... + ... | The value of this argument may come from $@ and is being used as a formatting argument to printWrapper(correct), which calls printf(format). | argvLocal.c:126:10:126:13 | argv | argv |
 | argvLocal.c:135:9:135:12 | ... ++ | argvLocal.c:115:13:115:16 | argv | argvLocal.c:135:9:135:12 | ... ++ | The value of this argument may come from $@ and is being used as a formatting argument to printf(format). | argvLocal.c:115:13:115:16 | argv | argv |
 | argvLocal.c:136:15:136:18 | -- ... | argvLocal.c:115:13:115:16 | argv | argvLocal.c:136:15:136:18 | -- ... | The value of this argument may come from $@ and is being used as a formatting argument to printWrapper(correct), which calls printf(format). | argvLocal.c:115:13:115:16 | argv | argv |
+| argvLocal.c:139:9:139:26 | ... ? ... : ... | argvLocal.c:126:10:126:13 | argv | argvLocal.c:139:9:139:26 | ... ? ... : ... | The value of this argument may come from $@ and is being used as a formatting argument to printf(format). | argvLocal.c:126:10:126:13 | argv | argv |
+| argvLocal.c:140:15:140:32 | ... ? ... : ... | argvLocal.c:126:10:126:13 | argv | argvLocal.c:140:15:140:32 | ... ? ... : ... | The value of this argument may come from $@ and is being used as a formatting argument to printWrapper(correct), which calls printf(format). | argvLocal.c:126:10:126:13 | argv | argv |
 | argvLocal.c:144:9:144:10 | i7 | argvLocal.c:100:7:100:10 | argv | argvLocal.c:144:9:144:10 | i7 | The value of this argument may come from $@ and is being used as a formatting argument to printf(format). | argvLocal.c:100:7:100:10 | argv | argv |
 | argvLocal.c:145:15:145:16 | i7 | argvLocal.c:100:7:100:10 | argv | argvLocal.c:145:15:145:16 | i7 | The value of this argument may come from $@ and is being used as a formatting argument to printWrapper(correct), which calls printf(format). | argvLocal.c:100:7:100:10 | argv | argv |
 | argvLocal.c:150:9:150:10 | i8 | argvLocal.c:149:11:149:14 | argv | argvLocal.c:150:9:150:10 | i8 | The value of this argument may come from $@ and is being used as a formatting argument to printf(format). | argvLocal.c:149:11:149:14 | argv | argv |
 | argvLocal.c:151:15:151:16 | i8 | argvLocal.c:149:11:149:14 | argv | argvLocal.c:151:15:151:16 | i8 | The value of this argument may come from $@ and is being used as a formatting argument to printWrapper(correct), which calls printf(format). | argvLocal.c:149:11:149:14 | argv | argv |
-| argvLocal.c:157:9:157:10 | i9 | argvLocal.c:156:23:156:26 | argv | argvLocal.c:157:9:157:10 | i9 | The value of this argument may come from $@ and is being used as a formatting argument to printf(format). | argvLocal.c:156:23:156:26 | argv | argv |
-| argvLocal.c:158:15:158:16 | i9 | argvLocal.c:156:23:156:26 | argv | argvLocal.c:158:15:158:16 | i9 | The value of this argument may come from $@ and is being used as a formatting argument to printWrapper(correct), which calls printf(format). | argvLocal.c:156:23:156:26 | argv | argv |
-| argvLocal.c:164:9:164:11 | i91 | argvLocal.c:163:22:163:25 | argv | argvLocal.c:164:9:164:11 | i91 | The value of this argument may come from $@ and is being used as a formatting argument to printf(format). | argvLocal.c:163:22:163:25 | argv | argv |
-| argvLocal.c:165:15:165:17 | i91 | argvLocal.c:163:22:163:25 | argv | argvLocal.c:165:15:165:17 | i91 | The value of this argument may come from $@ and is being used as a formatting argument to printWrapper(correct), which calls printf(format). | argvLocal.c:163:22:163:25 | argv | argv |
 | argvLocal.c:169:18:169:20 | i10 | argvLocal.c:168:18:168:21 | argv | argvLocal.c:169:18:169:20 | i10 | The value of this argument may come from $@ and is being used as a formatting argument to printf(format). | argvLocal.c:168:18:168:21 | argv | argv |
 | argvLocal.c:170:24:170:26 | i10 | argvLocal.c:168:18:168:21 | argv | argvLocal.c:170:24:170:26 | i10 | The value of this argument may come from $@ and is being used as a formatting argument to printWrapper(correct), which calls printf(format). | argvLocal.c:168:18:168:21 | argv | argv |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/NonConstantFormat.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/consts/NonConstantFormat.expected
@@ -1,14 +1,8 @@
-| consts.cpp:81:9:81:10 | c8 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| consts.cpp:86:9:86:10 | v1 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:91:9:91:10 | v2 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| consts.cpp:95:9:95:10 | v3 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| consts.cpp:100:9:100:10 | v4 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:103:9:103:15 | call to varFunc | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:107:9:107:10 | v5 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:112:9:112:10 | v6 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:116:9:116:13 | access to array | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:121:9:121:10 | v8 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| consts.cpp:130:9:130:10 | v9 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
-| consts.cpp:135:9:135:11 | v10 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:140:9:140:11 | v11 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
 | consts.cpp:145:9:145:11 | v12 | The format string argument to printf should be constant to prevent security issues and other potential errors. |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/funcs/funcsLocal.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/funcs/funcsLocal.expected
@@ -1,152 +1,151 @@
 edges
-| funcsLocal.c:16:8:16:9 | (void *)... | funcsLocal.c:17:9:17:10 | (const char *)... |
-| funcsLocal.c:16:8:16:9 | (void *)... | funcsLocal.c:17:9:17:10 | i1 |
-| funcsLocal.c:16:8:16:9 | (void *)... | funcsLocal.c:17:9:17:10 | i1 indirection |
-| funcsLocal.c:16:8:16:9 | (void *)... | funcsLocal.c:58:9:58:10 | (const char *)... |
-| funcsLocal.c:16:8:16:9 | (void *)... | funcsLocal.c:58:9:58:10 | e1 |
-| funcsLocal.c:16:8:16:9 | (void *)... | funcsLocal.c:58:9:58:10 | e1 indirection |
-| funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:17:9:17:10 | (const char *)... |
+| funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:17:9:17:10 | array to pointer conversion |
 | funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:17:9:17:10 | i1 |
-| funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:17:9:17:10 | i1 indirection |
-| funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:58:9:58:10 | (const char *)... |
+| funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:17:9:17:10 | i1 |
+| funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:58:9:58:10 | array to pointer conversion |
 | funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:58:9:58:10 | e1 |
-| funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:58:9:58:10 | e1 indirection |
-| funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:17:9:17:10 | (const char *)... |
+| funcsLocal.c:16:8:16:9 | fread output argument | funcsLocal.c:58:9:58:10 | e1 |
+| funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:17:9:17:10 | array to pointer conversion |
+| funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:17:9:17:10 | array to pointer conversion |
 | funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:17:9:17:10 | i1 |
-| funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:17:9:17:10 | i1 indirection |
-| funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:58:9:58:10 | (const char *)... |
+| funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:17:9:17:10 | i1 |
+| funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:17:9:17:10 | i1 |
+| funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:17:9:17:10 | i1 |
+| funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:58:9:58:10 | array to pointer conversion |
+| funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:58:9:58:10 | array to pointer conversion |
 | funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:58:9:58:10 | e1 |
-| funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:58:9:58:10 | e1 indirection |
-| funcsLocal.c:26:8:26:9 | fgets output argument | funcsLocal.c:27:9:27:10 | (const char *)... |
+| funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:58:9:58:10 | e1 |
+| funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:58:9:58:10 | e1 |
+| funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:58:9:58:10 | e1 |
+| funcsLocal.c:26:8:26:9 | fgets output argument | funcsLocal.c:27:9:27:10 | array to pointer conversion |
 | funcsLocal.c:26:8:26:9 | fgets output argument | funcsLocal.c:27:9:27:10 | i3 |
-| funcsLocal.c:26:8:26:9 | fgets output argument | funcsLocal.c:27:9:27:10 | i3 indirection |
-| funcsLocal.c:26:8:26:9 | i3 | funcsLocal.c:27:9:27:10 | (const char *)... |
+| funcsLocal.c:26:8:26:9 | fgets output argument | funcsLocal.c:27:9:27:10 | i3 |
+| funcsLocal.c:26:8:26:9 | i3 | funcsLocal.c:27:9:27:10 | array to pointer conversion |
+| funcsLocal.c:26:8:26:9 | i3 | funcsLocal.c:27:9:27:10 | array to pointer conversion |
+| funcsLocal.c:26:8:26:9 | i3 | funcsLocal.c:27:9:27:10 | i3 |
+| funcsLocal.c:26:8:26:9 | i3 | funcsLocal.c:27:9:27:10 | i3 |
+| funcsLocal.c:26:8:26:9 | i3 | funcsLocal.c:27:9:27:10 | i3 |
 | funcsLocal.c:26:8:26:9 | i3 | funcsLocal.c:27:9:27:10 | i3 |
-| funcsLocal.c:26:8:26:9 | i3 | funcsLocal.c:27:9:27:10 | i3 indirection |
-| funcsLocal.c:31:13:31:17 | call to fgets | funcsLocal.c:32:9:32:10 | (const char *)... |
-| funcsLocal.c:31:13:31:17 | call to fgets | funcsLocal.c:32:9:32:10 | (const char *)... |
 | funcsLocal.c:31:13:31:17 | call to fgets | funcsLocal.c:32:9:32:10 | i4 |
 | funcsLocal.c:31:13:31:17 | call to fgets | funcsLocal.c:32:9:32:10 | i4 |
 | funcsLocal.c:31:13:31:17 | call to fgets | funcsLocal.c:32:9:32:10 | i4 |
 | funcsLocal.c:31:13:31:17 | call to fgets | funcsLocal.c:32:9:32:10 | i4 |
-| funcsLocal.c:31:13:31:17 | call to fgets | funcsLocal.c:32:9:32:10 | i4 indirection |
-| funcsLocal.c:31:13:31:17 | call to fgets | funcsLocal.c:32:9:32:10 | i4 indirection |
-| funcsLocal.c:31:19:31:21 | fgets output argument | funcsLocal.c:32:9:32:10 | (const char *)... |
+| funcsLocal.c:31:13:31:17 | call to fgets | funcsLocal.c:32:9:32:10 | i4 |
+| funcsLocal.c:31:13:31:17 | call to fgets | funcsLocal.c:32:9:32:10 | i4 |
+| funcsLocal.c:31:19:31:21 | fgets output argument | funcsLocal.c:32:9:32:10 | i4 |
+| funcsLocal.c:31:19:31:21 | fgets output argument | funcsLocal.c:32:9:32:10 | i4 |
 | funcsLocal.c:31:19:31:21 | fgets output argument | funcsLocal.c:32:9:32:10 | i4 |
-| funcsLocal.c:31:19:31:21 | fgets output argument | funcsLocal.c:32:9:32:10 | i4 indirection |
-| funcsLocal.c:31:19:31:21 | i41 | funcsLocal.c:32:9:32:10 | (const char *)... |
 | funcsLocal.c:31:19:31:21 | i41 | funcsLocal.c:32:9:32:10 | i4 |
-| funcsLocal.c:31:19:31:21 | i41 | funcsLocal.c:32:9:32:10 | i4 indirection |
-| funcsLocal.c:36:7:36:8 | gets output argument | funcsLocal.c:37:9:37:10 | (const char *)... |
+| funcsLocal.c:31:19:31:21 | i41 | funcsLocal.c:32:9:32:10 | i4 |
+| funcsLocal.c:31:19:31:21 | i41 | funcsLocal.c:32:9:32:10 | i4 |
+| funcsLocal.c:36:7:36:8 | gets output argument | funcsLocal.c:37:9:37:10 | array to pointer conversion |
 | funcsLocal.c:36:7:36:8 | gets output argument | funcsLocal.c:37:9:37:10 | i5 |
-| funcsLocal.c:36:7:36:8 | gets output argument | funcsLocal.c:37:9:37:10 | i5 indirection |
-| funcsLocal.c:36:7:36:8 | i5 | funcsLocal.c:37:9:37:10 | (const char *)... |
+| funcsLocal.c:36:7:36:8 | gets output argument | funcsLocal.c:37:9:37:10 | i5 |
+| funcsLocal.c:36:7:36:8 | i5 | funcsLocal.c:37:9:37:10 | array to pointer conversion |
+| funcsLocal.c:36:7:36:8 | i5 | funcsLocal.c:37:9:37:10 | array to pointer conversion |
+| funcsLocal.c:36:7:36:8 | i5 | funcsLocal.c:37:9:37:10 | i5 |
+| funcsLocal.c:36:7:36:8 | i5 | funcsLocal.c:37:9:37:10 | i5 |
+| funcsLocal.c:36:7:36:8 | i5 | funcsLocal.c:37:9:37:10 | i5 |
 | funcsLocal.c:36:7:36:8 | i5 | funcsLocal.c:37:9:37:10 | i5 |
-| funcsLocal.c:36:7:36:8 | i5 | funcsLocal.c:37:9:37:10 | i5 indirection |
-| funcsLocal.c:41:13:41:16 | call to gets | funcsLocal.c:42:9:42:10 | (const char *)... |
-| funcsLocal.c:41:13:41:16 | call to gets | funcsLocal.c:42:9:42:10 | (const char *)... |
 | funcsLocal.c:41:13:41:16 | call to gets | funcsLocal.c:42:9:42:10 | i6 |
 | funcsLocal.c:41:13:41:16 | call to gets | funcsLocal.c:42:9:42:10 | i6 |
 | funcsLocal.c:41:13:41:16 | call to gets | funcsLocal.c:42:9:42:10 | i6 |
 | funcsLocal.c:41:13:41:16 | call to gets | funcsLocal.c:42:9:42:10 | i6 |
-| funcsLocal.c:41:13:41:16 | call to gets | funcsLocal.c:42:9:42:10 | i6 indirection |
-| funcsLocal.c:41:13:41:16 | call to gets | funcsLocal.c:42:9:42:10 | i6 indirection |
-| funcsLocal.c:41:18:41:20 | gets output argument | funcsLocal.c:42:9:42:10 | (const char *)... |
+| funcsLocal.c:41:13:41:16 | call to gets | funcsLocal.c:42:9:42:10 | i6 |
+| funcsLocal.c:41:13:41:16 | call to gets | funcsLocal.c:42:9:42:10 | i6 |
+| funcsLocal.c:41:18:41:20 | gets output argument | funcsLocal.c:42:9:42:10 | i6 |
+| funcsLocal.c:41:18:41:20 | gets output argument | funcsLocal.c:42:9:42:10 | i6 |
 | funcsLocal.c:41:18:41:20 | gets output argument | funcsLocal.c:42:9:42:10 | i6 |
-| funcsLocal.c:41:18:41:20 | gets output argument | funcsLocal.c:42:9:42:10 | i6 indirection |
-| funcsLocal.c:41:18:41:20 | i61 | funcsLocal.c:42:9:42:10 | (const char *)... |
 | funcsLocal.c:41:18:41:20 | i61 | funcsLocal.c:42:9:42:10 | i6 |
-| funcsLocal.c:41:18:41:20 | i61 | funcsLocal.c:42:9:42:10 | i6 indirection |
-| funcsLocal.c:46:7:46:9 | * ... | funcsLocal.c:47:9:47:11 | (const char *)... |
-| funcsLocal.c:46:7:46:9 | * ... | funcsLocal.c:47:9:47:11 | (const char *)... |
+| funcsLocal.c:41:18:41:20 | i61 | funcsLocal.c:42:9:42:10 | i6 |
+| funcsLocal.c:41:18:41:20 | i61 | funcsLocal.c:42:9:42:10 | i6 |
 | funcsLocal.c:46:7:46:9 | * ... | funcsLocal.c:47:9:47:11 | * ... |
 | funcsLocal.c:46:7:46:9 | * ... | funcsLocal.c:47:9:47:11 | * ... |
 | funcsLocal.c:46:7:46:9 | * ... | funcsLocal.c:47:9:47:11 | * ... |
 | funcsLocal.c:46:7:46:9 | * ... | funcsLocal.c:47:9:47:11 | * ... |
-| funcsLocal.c:46:7:46:9 | * ... | funcsLocal.c:47:9:47:11 | * ... indirection |
-| funcsLocal.c:46:7:46:9 | * ... | funcsLocal.c:47:9:47:11 | * ... indirection |
-| funcsLocal.c:46:7:46:9 | gets output argument | funcsLocal.c:47:9:47:11 | (const char *)... |
+| funcsLocal.c:46:7:46:9 | * ... | funcsLocal.c:47:10:47:11 | * ... |
+| funcsLocal.c:46:7:46:9 | * ... | funcsLocal.c:47:10:47:11 | * ... |
 | funcsLocal.c:46:7:46:9 | gets output argument | funcsLocal.c:47:9:47:11 | * ... |
 | funcsLocal.c:46:7:46:9 | gets output argument | funcsLocal.c:47:9:47:11 | * ... |
-| funcsLocal.c:46:7:46:9 | gets output argument | funcsLocal.c:47:9:47:11 | * ... indirection |
-| funcsLocal.c:52:8:52:11 | call to gets | funcsLocal.c:53:9:53:11 | (const char *)... |
-| funcsLocal.c:52:8:52:11 | call to gets | funcsLocal.c:53:9:53:11 | (const char *)... |
+| funcsLocal.c:46:7:46:9 | gets output argument | funcsLocal.c:47:10:47:11 | * ... |
 | funcsLocal.c:52:8:52:11 | call to gets | funcsLocal.c:53:9:53:11 | * ... |
 | funcsLocal.c:52:8:52:11 | call to gets | funcsLocal.c:53:9:53:11 | * ... |
 | funcsLocal.c:52:8:52:11 | call to gets | funcsLocal.c:53:9:53:11 | * ... |
 | funcsLocal.c:52:8:52:11 | call to gets | funcsLocal.c:53:9:53:11 | * ... |
-| funcsLocal.c:52:8:52:11 | call to gets | funcsLocal.c:53:9:53:11 | * ... indirection |
-| funcsLocal.c:52:8:52:11 | call to gets | funcsLocal.c:53:9:53:11 | * ... indirection |
+| funcsLocal.c:52:8:52:11 | call to gets | funcsLocal.c:53:10:53:11 | * ... |
+| funcsLocal.c:52:8:52:11 | call to gets | funcsLocal.c:53:10:53:11 | * ... |
+| funcsLocal.c:52:13:52:15 | gets output argument | funcsLocal.c:53:9:53:11 | * ... |
+| funcsLocal.c:52:13:52:15 | gets output argument | funcsLocal.c:53:9:53:11 | * ... |
+| funcsLocal.c:52:13:52:15 | gets output argument | funcsLocal.c:53:10:53:11 | * ... |
+| funcsLocal.c:52:13:52:15 | i81 | funcsLocal.c:53:9:53:11 | * ... |
+| funcsLocal.c:52:13:52:15 | i81 | funcsLocal.c:53:9:53:11 | * ... |
+| funcsLocal.c:52:13:52:15 | i81 | funcsLocal.c:53:10:53:11 | * ... |
 subpaths
 nodes
-| funcsLocal.c:16:8:16:9 | (void *)... | semmle.label | (void *)... |
 | funcsLocal.c:16:8:16:9 | fread output argument | semmle.label | fread output argument |
 | funcsLocal.c:16:8:16:9 | i1 | semmle.label | i1 |
-| funcsLocal.c:17:9:17:10 | (const char *)... | semmle.label | (const char *)... |
-| funcsLocal.c:17:9:17:10 | (const char *)... | semmle.label | (const char *)... |
+| funcsLocal.c:16:8:16:9 | i1 | semmle.label | i1 |
+| funcsLocal.c:17:9:17:10 | array to pointer conversion | semmle.label | array to pointer conversion |
+| funcsLocal.c:17:9:17:10 | array to pointer conversion | semmle.label | array to pointer conversion |
+| funcsLocal.c:17:9:17:10 | i1 | semmle.label | i1 |
+| funcsLocal.c:17:9:17:10 | i1 | semmle.label | i1 |
 | funcsLocal.c:17:9:17:10 | i1 | semmle.label | i1 |
-| funcsLocal.c:17:9:17:10 | i1 indirection | semmle.label | i1 indirection |
-| funcsLocal.c:17:9:17:10 | i1 indirection | semmle.label | i1 indirection |
 | funcsLocal.c:26:8:26:9 | fgets output argument | semmle.label | fgets output argument |
 | funcsLocal.c:26:8:26:9 | i3 | semmle.label | i3 |
-| funcsLocal.c:27:9:27:10 | (const char *)... | semmle.label | (const char *)... |
-| funcsLocal.c:27:9:27:10 | (const char *)... | semmle.label | (const char *)... |
+| funcsLocal.c:26:8:26:9 | i3 | semmle.label | i3 |
+| funcsLocal.c:27:9:27:10 | array to pointer conversion | semmle.label | array to pointer conversion |
+| funcsLocal.c:27:9:27:10 | array to pointer conversion | semmle.label | array to pointer conversion |
+| funcsLocal.c:27:9:27:10 | i3 | semmle.label | i3 |
+| funcsLocal.c:27:9:27:10 | i3 | semmle.label | i3 |
 | funcsLocal.c:27:9:27:10 | i3 | semmle.label | i3 |
-| funcsLocal.c:27:9:27:10 | i3 indirection | semmle.label | i3 indirection |
-| funcsLocal.c:27:9:27:10 | i3 indirection | semmle.label | i3 indirection |
 | funcsLocal.c:31:13:31:17 | call to fgets | semmle.label | call to fgets |
 | funcsLocal.c:31:13:31:17 | call to fgets | semmle.label | call to fgets |
 | funcsLocal.c:31:19:31:21 | fgets output argument | semmle.label | fgets output argument |
 | funcsLocal.c:31:19:31:21 | i41 | semmle.label | i41 |
-| funcsLocal.c:32:9:32:10 | (const char *)... | semmle.label | (const char *)... |
-| funcsLocal.c:32:9:32:10 | (const char *)... | semmle.label | (const char *)... |
 | funcsLocal.c:32:9:32:10 | i4 | semmle.label | i4 |
 | funcsLocal.c:32:9:32:10 | i4 | semmle.label | i4 |
 | funcsLocal.c:32:9:32:10 | i4 | semmle.label | i4 |
-| funcsLocal.c:32:9:32:10 | i4 indirection | semmle.label | i4 indirection |
-| funcsLocal.c:32:9:32:10 | i4 indirection | semmle.label | i4 indirection |
+| funcsLocal.c:32:9:32:10 | i4 | semmle.label | i4 |
+| funcsLocal.c:32:9:32:10 | i4 | semmle.label | i4 |
 | funcsLocal.c:36:7:36:8 | gets output argument | semmle.label | gets output argument |
 | funcsLocal.c:36:7:36:8 | i5 | semmle.label | i5 |
-| funcsLocal.c:37:9:37:10 | (const char *)... | semmle.label | (const char *)... |
-| funcsLocal.c:37:9:37:10 | (const char *)... | semmle.label | (const char *)... |
+| funcsLocal.c:36:7:36:8 | i5 | semmle.label | i5 |
+| funcsLocal.c:37:9:37:10 | array to pointer conversion | semmle.label | array to pointer conversion |
+| funcsLocal.c:37:9:37:10 | array to pointer conversion | semmle.label | array to pointer conversion |
+| funcsLocal.c:37:9:37:10 | i5 | semmle.label | i5 |
+| funcsLocal.c:37:9:37:10 | i5 | semmle.label | i5 |
 | funcsLocal.c:37:9:37:10 | i5 | semmle.label | i5 |
-| funcsLocal.c:37:9:37:10 | i5 indirection | semmle.label | i5 indirection |
-| funcsLocal.c:37:9:37:10 | i5 indirection | semmle.label | i5 indirection |
 | funcsLocal.c:41:13:41:16 | call to gets | semmle.label | call to gets |
 | funcsLocal.c:41:13:41:16 | call to gets | semmle.label | call to gets |
 | funcsLocal.c:41:18:41:20 | gets output argument | semmle.label | gets output argument |
 | funcsLocal.c:41:18:41:20 | i61 | semmle.label | i61 |
-| funcsLocal.c:42:9:42:10 | (const char *)... | semmle.label | (const char *)... |
-| funcsLocal.c:42:9:42:10 | (const char *)... | semmle.label | (const char *)... |
 | funcsLocal.c:42:9:42:10 | i6 | semmle.label | i6 |
 | funcsLocal.c:42:9:42:10 | i6 | semmle.label | i6 |
 | funcsLocal.c:42:9:42:10 | i6 | semmle.label | i6 |
-| funcsLocal.c:42:9:42:10 | i6 indirection | semmle.label | i6 indirection |
-| funcsLocal.c:42:9:42:10 | i6 indirection | semmle.label | i6 indirection |
+| funcsLocal.c:42:9:42:10 | i6 | semmle.label | i6 |
+| funcsLocal.c:42:9:42:10 | i6 | semmle.label | i6 |
 | funcsLocal.c:46:7:46:9 | * ... | semmle.label | * ... |
 | funcsLocal.c:46:7:46:9 | * ... | semmle.label | * ... |
 | funcsLocal.c:46:7:46:9 | gets output argument | semmle.label | gets output argument |
-| funcsLocal.c:47:9:47:11 | (const char *)... | semmle.label | (const char *)... |
-| funcsLocal.c:47:9:47:11 | (const char *)... | semmle.label | (const char *)... |
 | funcsLocal.c:47:9:47:11 | * ... | semmle.label | * ... |
 | funcsLocal.c:47:9:47:11 | * ... | semmle.label | * ... |
 | funcsLocal.c:47:9:47:11 | * ... | semmle.label | * ... |
-| funcsLocal.c:47:9:47:11 | * ... indirection | semmle.label | * ... indirection |
-| funcsLocal.c:47:9:47:11 | * ... indirection | semmle.label | * ... indirection |
+| funcsLocal.c:47:10:47:11 | * ... | semmle.label | * ... |
+| funcsLocal.c:47:10:47:11 | * ... | semmle.label | * ... |
 | funcsLocal.c:52:8:52:11 | call to gets | semmle.label | call to gets |
 | funcsLocal.c:52:8:52:11 | call to gets | semmle.label | call to gets |
-| funcsLocal.c:53:9:53:11 | (const char *)... | semmle.label | (const char *)... |
-| funcsLocal.c:53:9:53:11 | (const char *)... | semmle.label | (const char *)... |
+| funcsLocal.c:52:13:52:15 | gets output argument | semmle.label | gets output argument |
+| funcsLocal.c:52:13:52:15 | i81 | semmle.label | i81 |
 | funcsLocal.c:53:9:53:11 | * ... | semmle.label | * ... |
 | funcsLocal.c:53:9:53:11 | * ... | semmle.label | * ... |
 | funcsLocal.c:53:9:53:11 | * ... | semmle.label | * ... |
-| funcsLocal.c:53:9:53:11 | * ... indirection | semmle.label | * ... indirection |
-| funcsLocal.c:53:9:53:11 | * ... indirection | semmle.label | * ... indirection |
-| funcsLocal.c:58:9:58:10 | (const char *)... | semmle.label | (const char *)... |
-| funcsLocal.c:58:9:58:10 | (const char *)... | semmle.label | (const char *)... |
+| funcsLocal.c:53:10:53:11 | * ... | semmle.label | * ... |
+| funcsLocal.c:53:10:53:11 | * ... | semmle.label | * ... |
+| funcsLocal.c:58:9:58:10 | array to pointer conversion | semmle.label | array to pointer conversion |
+| funcsLocal.c:58:9:58:10 | array to pointer conversion | semmle.label | array to pointer conversion |
+| funcsLocal.c:58:9:58:10 | e1 | semmle.label | e1 |
+| funcsLocal.c:58:9:58:10 | e1 | semmle.label | e1 |
 | funcsLocal.c:58:9:58:10 | e1 | semmle.label | e1 |
-| funcsLocal.c:58:9:58:10 | e1 indirection | semmle.label | e1 indirection |
-| funcsLocal.c:58:9:58:10 | e1 indirection | semmle.label | e1 indirection |
 #select
 | funcsLocal.c:17:9:17:10 | i1 | funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:17:9:17:10 | i1 | The value of this argument may come from $@ and is being used as a formatting argument to printf(format). | funcsLocal.c:16:8:16:9 | i1 | fread |
 | funcsLocal.c:27:9:27:10 | i3 | funcsLocal.c:26:8:26:9 | i3 | funcsLocal.c:27:9:27:10 | i3 | The value of this argument may come from $@ and is being used as a formatting argument to printf(format). | funcsLocal.c:26:8:26:9 | i3 | fgets |
@@ -157,4 +156,5 @@ nodes
 | funcsLocal.c:42:9:42:10 | i6 | funcsLocal.c:41:18:41:20 | i61 | funcsLocal.c:42:9:42:10 | i6 | The value of this argument may come from $@ and is being used as a formatting argument to printf(format). | funcsLocal.c:41:18:41:20 | i61 | gets |
 | funcsLocal.c:47:9:47:11 | * ... | funcsLocal.c:46:7:46:9 | * ... | funcsLocal.c:47:9:47:11 | * ... | The value of this argument may come from $@ and is being used as a formatting argument to printf(format). | funcsLocal.c:46:7:46:9 | * ... | gets |
 | funcsLocal.c:53:9:53:11 | * ... | funcsLocal.c:52:8:52:11 | call to gets | funcsLocal.c:53:9:53:11 | * ... | The value of this argument may come from $@ and is being used as a formatting argument to printf(format). | funcsLocal.c:52:8:52:11 | call to gets | gets |
+| funcsLocal.c:53:9:53:11 | * ... | funcsLocal.c:52:13:52:15 | i81 | funcsLocal.c:53:9:53:11 | * ... | The value of this argument may come from $@ and is being used as a formatting argument to printf(format). | funcsLocal.c:52:13:52:15 | i81 | gets |
 | funcsLocal.c:58:9:58:10 | e1 | funcsLocal.c:16:8:16:9 | i1 | funcsLocal.c:58:9:58:10 | e1 | The value of this argument may come from $@ and is being used as a formatting argument to printf(format). | funcsLocal.c:16:8:16:9 | i1 | fread |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/globalVars/UncontrolledFormatString.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/globalVars/UncontrolledFormatString.expected
@@ -1,131 +1,60 @@
 edges
-| globalVars.c:8:7:8:10 | copy | globalVars.c:27:9:27:12 | copy |
-| globalVars.c:8:7:8:10 | copy | globalVars.c:27:9:27:12 | copy |
-| globalVars.c:8:7:8:10 | copy | globalVars.c:27:9:27:12 | copy |
-| globalVars.c:8:7:8:10 | copy | globalVars.c:30:15:30:18 | copy |
-| globalVars.c:8:7:8:10 | copy | globalVars.c:30:15:30:18 | copy |
-| globalVars.c:8:7:8:10 | copy | globalVars.c:30:15:30:18 | copy |
-| globalVars.c:8:7:8:10 | copy | globalVars.c:33:15:33:18 | copy |
-| globalVars.c:8:7:8:10 | copy | globalVars.c:35:11:35:14 | copy |
-| globalVars.c:9:7:9:11 | copy2 | globalVars.c:38:9:38:13 | copy2 |
-| globalVars.c:9:7:9:11 | copy2 | globalVars.c:38:9:38:13 | copy2 |
-| globalVars.c:9:7:9:11 | copy2 | globalVars.c:38:9:38:13 | copy2 |
-| globalVars.c:9:7:9:11 | copy2 | globalVars.c:41:15:41:19 | copy2 |
-| globalVars.c:9:7:9:11 | copy2 | globalVars.c:41:15:41:19 | copy2 |
-| globalVars.c:9:7:9:11 | copy2 | globalVars.c:41:15:41:19 | copy2 |
-| globalVars.c:9:7:9:11 | copy2 | globalVars.c:44:15:44:19 | copy2 |
-| globalVars.c:9:7:9:11 | copy2 | globalVars.c:50:9:50:13 | copy2 |
-| globalVars.c:9:7:9:11 | copy2 | globalVars.c:50:9:50:13 | copy2 |
-| globalVars.c:9:7:9:11 | copy2 | globalVars.c:50:9:50:13 | copy2 |
-| globalVars.c:11:22:11:25 | *argv | globalVars.c:12:2:12:15 | Store |
+| globalVars.c:8:7:8:10 | copy | globalVars.c:27:9:27:12 | Load |
+| globalVars.c:8:7:8:10 | copy | globalVars.c:30:15:30:18 | Load |
+| globalVars.c:8:7:8:10 | copy | globalVars.c:35:11:35:14 | Load |
+| globalVars.c:9:7:9:11 | copy2 | globalVars.c:38:9:38:13 | Load |
+| globalVars.c:9:7:9:11 | copy2 | globalVars.c:41:15:41:19 | Load |
+| globalVars.c:9:7:9:11 | copy2 | globalVars.c:50:9:50:13 | Load |
 | globalVars.c:11:22:11:25 | argv | globalVars.c:12:2:12:15 | Store |
 | globalVars.c:12:2:12:15 | Store | globalVars.c:8:7:8:10 | copy |
 | globalVars.c:15:21:15:23 | val | globalVars.c:16:2:16:12 | Store |
 | globalVars.c:16:2:16:12 | Store | globalVars.c:9:7:9:11 | copy2 |
-| globalVars.c:19:25:19:27 | *str | globalVars.c:19:25:19:27 | ReturnIndirection |
 | globalVars.c:24:11:24:14 | argv | globalVars.c:11:22:11:25 | argv |
-| globalVars.c:24:11:24:14 | argv | globalVars.c:24:11:24:14 | argv |
-| globalVars.c:24:11:24:14 | argv | globalVars.c:24:11:24:14 | argv |
-| globalVars.c:24:11:24:14 | argv | globalVars.c:24:11:24:14 | argv indirection |
-| globalVars.c:24:11:24:14 | argv | globalVars.c:24:11:24:14 | argv indirection |
-| globalVars.c:24:11:24:14 | argv indirection | globalVars.c:11:22:11:25 | *argv |
-| globalVars.c:27:9:27:12 | copy | globalVars.c:27:9:27:12 | (const char *)... |
-| globalVars.c:27:9:27:12 | copy | globalVars.c:27:9:27:12 | copy |
-| globalVars.c:27:9:27:12 | copy | globalVars.c:27:9:27:12 | copy indirection |
-| globalVars.c:30:15:30:18 | copy | globalVars.c:30:15:30:18 | copy |
-| globalVars.c:30:15:30:18 | copy | globalVars.c:30:15:30:18 | copy |
-| globalVars.c:30:15:30:18 | copy | globalVars.c:30:15:30:18 | copy |
-| globalVars.c:30:15:30:18 | copy | globalVars.c:30:15:30:18 | copy indirection |
-| globalVars.c:30:15:30:18 | copy | globalVars.c:30:15:30:18 | copy indirection |
-| globalVars.c:30:15:30:18 | copy | globalVars.c:35:11:35:14 | copy |
-| globalVars.c:30:15:30:18 | copy indirection | globalVars.c:19:25:19:27 | *str |
-| globalVars.c:30:15:30:18 | copy indirection | globalVars.c:30:15:30:18 | printWrapper output argument |
-| globalVars.c:30:15:30:18 | printWrapper output argument | globalVars.c:35:11:35:14 | copy |
-| globalVars.c:33:15:33:18 | copy | globalVars.c:35:11:35:14 | copy |
+| globalVars.c:24:11:24:14 | argv | globalVars.c:11:22:11:25 | argv |
+| globalVars.c:27:9:27:12 | Load | globalVars.c:27:9:27:12 | copy |
+| globalVars.c:27:9:27:12 | Load | globalVars.c:27:9:27:12 | copy |
+| globalVars.c:30:15:30:18 | Load | globalVars.c:30:15:30:18 | copy |
+| globalVars.c:30:15:30:18 | Load | globalVars.c:30:15:30:18 | copy |
+| globalVars.c:35:11:35:14 | Load | globalVars.c:35:11:35:14 | copy |
 | globalVars.c:35:11:35:14 | copy | globalVars.c:15:21:15:23 | val |
-| globalVars.c:35:11:35:14 | copy | globalVars.c:35:11:35:14 | copy |
-| globalVars.c:38:9:38:13 | copy2 | globalVars.c:38:9:38:13 | (const char *)... |
-| globalVars.c:38:9:38:13 | copy2 | globalVars.c:38:9:38:13 | copy2 |
-| globalVars.c:38:9:38:13 | copy2 | globalVars.c:38:9:38:13 | copy2 indirection |
-| globalVars.c:41:15:41:19 | copy2 | globalVars.c:41:15:41:19 | copy2 |
-| globalVars.c:41:15:41:19 | copy2 | globalVars.c:41:15:41:19 | copy2 |
-| globalVars.c:41:15:41:19 | copy2 | globalVars.c:41:15:41:19 | copy2 |
-| globalVars.c:41:15:41:19 | copy2 | globalVars.c:41:15:41:19 | copy2 indirection |
-| globalVars.c:41:15:41:19 | copy2 | globalVars.c:41:15:41:19 | copy2 indirection |
-| globalVars.c:41:15:41:19 | copy2 | globalVars.c:50:9:50:13 | (const char *)... |
-| globalVars.c:41:15:41:19 | copy2 | globalVars.c:50:9:50:13 | copy2 |
-| globalVars.c:41:15:41:19 | copy2 | globalVars.c:50:9:50:13 | copy2 |
-| globalVars.c:41:15:41:19 | copy2 | globalVars.c:50:9:50:13 | copy2 |
-| globalVars.c:41:15:41:19 | copy2 | globalVars.c:50:9:50:13 | copy2 indirection |
-| globalVars.c:41:15:41:19 | copy2 indirection | globalVars.c:19:25:19:27 | *str |
-| globalVars.c:41:15:41:19 | copy2 indirection | globalVars.c:41:15:41:19 | printWrapper output argument |
-| globalVars.c:41:15:41:19 | printWrapper output argument | globalVars.c:50:9:50:13 | (const char *)... |
-| globalVars.c:41:15:41:19 | printWrapper output argument | globalVars.c:50:9:50:13 | copy2 |
-| globalVars.c:41:15:41:19 | printWrapper output argument | globalVars.c:50:9:50:13 | copy2 |
-| globalVars.c:41:15:41:19 | printWrapper output argument | globalVars.c:50:9:50:13 | copy2 |
-| globalVars.c:41:15:41:19 | printWrapper output argument | globalVars.c:50:9:50:13 | copy2 indirection |
-| globalVars.c:44:15:44:19 | copy2 | globalVars.c:50:9:50:13 | (const char *)... |
-| globalVars.c:44:15:44:19 | copy2 | globalVars.c:50:9:50:13 | copy2 |
-| globalVars.c:44:15:44:19 | copy2 | globalVars.c:50:9:50:13 | copy2 |
-| globalVars.c:44:15:44:19 | copy2 | globalVars.c:50:9:50:13 | copy2 |
-| globalVars.c:44:15:44:19 | copy2 | globalVars.c:50:9:50:13 | copy2 indirection |
-| globalVars.c:50:9:50:13 | copy2 | globalVars.c:50:9:50:13 | (const char *)... |
-| globalVars.c:50:9:50:13 | copy2 | globalVars.c:50:9:50:13 | copy2 |
-| globalVars.c:50:9:50:13 | copy2 | globalVars.c:50:9:50:13 | copy2 indirection |
+| globalVars.c:38:9:38:13 | Load | globalVars.c:38:9:38:13 | copy2 |
+| globalVars.c:38:9:38:13 | Load | globalVars.c:38:9:38:13 | copy2 |
+| globalVars.c:41:15:41:19 | Load | globalVars.c:41:15:41:19 | copy2 |
+| globalVars.c:41:15:41:19 | Load | globalVars.c:41:15:41:19 | copy2 |
+| globalVars.c:50:9:50:13 | Load | globalVars.c:50:9:50:13 | copy2 |
+| globalVars.c:50:9:50:13 | Load | globalVars.c:50:9:50:13 | copy2 |
 subpaths
-| globalVars.c:30:15:30:18 | copy indirection | globalVars.c:19:25:19:27 | *str | globalVars.c:19:25:19:27 | ReturnIndirection | globalVars.c:30:15:30:18 | printWrapper output argument |
-| globalVars.c:41:15:41:19 | copy2 indirection | globalVars.c:19:25:19:27 | *str | globalVars.c:19:25:19:27 | ReturnIndirection | globalVars.c:41:15:41:19 | printWrapper output argument |
 nodes
 | globalVars.c:8:7:8:10 | copy | semmle.label | copy |
 | globalVars.c:9:7:9:11 | copy2 | semmle.label | copy2 |
-| globalVars.c:11:22:11:25 | *argv | semmle.label | *argv |
 | globalVars.c:11:22:11:25 | argv | semmle.label | argv |
 | globalVars.c:12:2:12:15 | Store | semmle.label | Store |
 | globalVars.c:15:21:15:23 | val | semmle.label | val |
 | globalVars.c:16:2:16:12 | Store | semmle.label | Store |
-| globalVars.c:19:25:19:27 | *str | semmle.label | *str |
-| globalVars.c:19:25:19:27 | ReturnIndirection | semmle.label | ReturnIndirection |
 | globalVars.c:24:11:24:14 | argv | semmle.label | argv |
 | globalVars.c:24:11:24:14 | argv | semmle.label | argv |
-| globalVars.c:24:11:24:14 | argv | semmle.label | argv |
-| globalVars.c:24:11:24:14 | argv indirection | semmle.label | argv indirection |
-| globalVars.c:27:9:27:12 | (const char *)... | semmle.label | (const char *)... |
-| globalVars.c:27:9:27:12 | (const char *)... | semmle.label | (const char *)... |
+| globalVars.c:27:9:27:12 | Load | semmle.label | Load |
 | globalVars.c:27:9:27:12 | copy | semmle.label | copy |
 | globalVars.c:27:9:27:12 | copy | semmle.label | copy |
 | globalVars.c:27:9:27:12 | copy | semmle.label | copy |
-| globalVars.c:27:9:27:12 | copy indirection | semmle.label | copy indirection |
-| globalVars.c:27:9:27:12 | copy indirection | semmle.label | copy indirection |
+| globalVars.c:30:15:30:18 | Load | semmle.label | Load |
 | globalVars.c:30:15:30:18 | copy | semmle.label | copy |
 | globalVars.c:30:15:30:18 | copy | semmle.label | copy |
 | globalVars.c:30:15:30:18 | copy | semmle.label | copy |
-| globalVars.c:30:15:30:18 | copy indirection | semmle.label | copy indirection |
-| globalVars.c:30:15:30:18 | copy indirection | semmle.label | copy indirection |
-| globalVars.c:30:15:30:18 | printWrapper output argument | semmle.label | printWrapper output argument |
-| globalVars.c:33:15:33:18 | copy | semmle.label | copy |
+| globalVars.c:35:11:35:14 | Load | semmle.label | Load |
 | globalVars.c:35:11:35:14 | copy | semmle.label | copy |
-| globalVars.c:35:11:35:14 | copy | semmle.label | copy |
-| globalVars.c:38:9:38:13 | (const char *)... | semmle.label | (const char *)... |
-| globalVars.c:38:9:38:13 | (const char *)... | semmle.label | (const char *)... |
+| globalVars.c:38:9:38:13 | Load | semmle.label | Load |
 | globalVars.c:38:9:38:13 | copy2 | semmle.label | copy2 |
 | globalVars.c:38:9:38:13 | copy2 | semmle.label | copy2 |
 | globalVars.c:38:9:38:13 | copy2 | semmle.label | copy2 |
-| globalVars.c:38:9:38:13 | copy2 indirection | semmle.label | copy2 indirection |
-| globalVars.c:38:9:38:13 | copy2 indirection | semmle.label | copy2 indirection |
+| globalVars.c:41:15:41:19 | Load | semmle.label | Load |
 | globalVars.c:41:15:41:19 | copy2 | semmle.label | copy2 |
 | globalVars.c:41:15:41:19 | copy2 | semmle.label | copy2 |
 | globalVars.c:41:15:41:19 | copy2 | semmle.label | copy2 |
-| globalVars.c:41:15:41:19 | copy2 indirection | semmle.label | copy2 indirection |
-| globalVars.c:41:15:41:19 | copy2 indirection | semmle.label | copy2 indirection |
-| globalVars.c:41:15:41:19 | printWrapper output argument | semmle.label | printWrapper output argument |
-| globalVars.c:44:15:44:19 | copy2 | semmle.label | copy2 |
-| globalVars.c:50:9:50:13 | (const char *)... | semmle.label | (const char *)... |
-| globalVars.c:50:9:50:13 | (const char *)... | semmle.label | (const char *)... |
+| globalVars.c:50:9:50:13 | Load | semmle.label | Load |
 | globalVars.c:50:9:50:13 | copy2 | semmle.label | copy2 |
 | globalVars.c:50:9:50:13 | copy2 | semmle.label | copy2 |
 | globalVars.c:50:9:50:13 | copy2 | semmle.label | copy2 |
-| globalVars.c:50:9:50:13 | copy2 indirection | semmle.label | copy2 indirection |
-| globalVars.c:50:9:50:13 | copy2 indirection | semmle.label | copy2 indirection |
 #select
 | globalVars.c:27:9:27:12 | copy | globalVars.c:24:11:24:14 | argv | globalVars.c:27:9:27:12 | copy | The value of this argument may come from $@ and is being used as a formatting argument to printf(format). | globalVars.c:24:11:24:14 | argv | argv |
 | globalVars.c:30:15:30:18 | copy | globalVars.c:24:11:24:14 | argv | globalVars.c:30:15:30:18 | copy | The value of this argument may come from $@ and is being used as a formatting argument to printWrapper(str), which calls printf(format). | globalVars.c:24:11:24:14 | argv | argv |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/globalVars/UncontrolledFormatStringThroughGlobalVar.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/globalVars/UncontrolledFormatStringThroughGlobalVar.expected
@@ -1,131 +1,60 @@
 edges
-| globalVars.c:8:7:8:10 | copy | globalVars.c:27:9:27:12 | copy |
-| globalVars.c:8:7:8:10 | copy | globalVars.c:27:9:27:12 | copy |
-| globalVars.c:8:7:8:10 | copy | globalVars.c:27:9:27:12 | copy |
-| globalVars.c:8:7:8:10 | copy | globalVars.c:30:15:30:18 | copy |
-| globalVars.c:8:7:8:10 | copy | globalVars.c:30:15:30:18 | copy |
-| globalVars.c:8:7:8:10 | copy | globalVars.c:30:15:30:18 | copy |
-| globalVars.c:8:7:8:10 | copy | globalVars.c:33:15:33:18 | copy |
-| globalVars.c:8:7:8:10 | copy | globalVars.c:35:11:35:14 | copy |
-| globalVars.c:9:7:9:11 | copy2 | globalVars.c:38:9:38:13 | copy2 |
-| globalVars.c:9:7:9:11 | copy2 | globalVars.c:38:9:38:13 | copy2 |
-| globalVars.c:9:7:9:11 | copy2 | globalVars.c:38:9:38:13 | copy2 |
-| globalVars.c:9:7:9:11 | copy2 | globalVars.c:41:15:41:19 | copy2 |
-| globalVars.c:9:7:9:11 | copy2 | globalVars.c:41:15:41:19 | copy2 |
-| globalVars.c:9:7:9:11 | copy2 | globalVars.c:41:15:41:19 | copy2 |
-| globalVars.c:9:7:9:11 | copy2 | globalVars.c:44:15:44:19 | copy2 |
-| globalVars.c:9:7:9:11 | copy2 | globalVars.c:50:9:50:13 | copy2 |
-| globalVars.c:9:7:9:11 | copy2 | globalVars.c:50:9:50:13 | copy2 |
-| globalVars.c:9:7:9:11 | copy2 | globalVars.c:50:9:50:13 | copy2 |
-| globalVars.c:11:22:11:25 | *argv | globalVars.c:12:2:12:15 | Store |
+| globalVars.c:8:7:8:10 | copy | globalVars.c:27:9:27:12 | Load |
+| globalVars.c:8:7:8:10 | copy | globalVars.c:30:15:30:18 | Load |
+| globalVars.c:8:7:8:10 | copy | globalVars.c:35:11:35:14 | Load |
+| globalVars.c:9:7:9:11 | copy2 | globalVars.c:38:9:38:13 | Load |
+| globalVars.c:9:7:9:11 | copy2 | globalVars.c:41:15:41:19 | Load |
+| globalVars.c:9:7:9:11 | copy2 | globalVars.c:50:9:50:13 | Load |
 | globalVars.c:11:22:11:25 | argv | globalVars.c:12:2:12:15 | Store |
 | globalVars.c:12:2:12:15 | Store | globalVars.c:8:7:8:10 | copy |
 | globalVars.c:15:21:15:23 | val | globalVars.c:16:2:16:12 | Store |
 | globalVars.c:16:2:16:12 | Store | globalVars.c:9:7:9:11 | copy2 |
-| globalVars.c:19:25:19:27 | *str | globalVars.c:19:25:19:27 | ReturnIndirection |
 | globalVars.c:24:11:24:14 | argv | globalVars.c:11:22:11:25 | argv |
-| globalVars.c:24:11:24:14 | argv | globalVars.c:24:11:24:14 | argv |
-| globalVars.c:24:11:24:14 | argv | globalVars.c:24:11:24:14 | argv |
-| globalVars.c:24:11:24:14 | argv | globalVars.c:24:11:24:14 | argv indirection |
-| globalVars.c:24:11:24:14 | argv | globalVars.c:24:11:24:14 | argv indirection |
-| globalVars.c:24:11:24:14 | argv indirection | globalVars.c:11:22:11:25 | *argv |
-| globalVars.c:27:9:27:12 | copy | globalVars.c:27:9:27:12 | (const char *)... |
-| globalVars.c:27:9:27:12 | copy | globalVars.c:27:9:27:12 | copy |
-| globalVars.c:27:9:27:12 | copy | globalVars.c:27:9:27:12 | copy indirection |
-| globalVars.c:30:15:30:18 | copy | globalVars.c:30:15:30:18 | copy |
-| globalVars.c:30:15:30:18 | copy | globalVars.c:30:15:30:18 | copy |
-| globalVars.c:30:15:30:18 | copy | globalVars.c:30:15:30:18 | copy |
-| globalVars.c:30:15:30:18 | copy | globalVars.c:30:15:30:18 | copy indirection |
-| globalVars.c:30:15:30:18 | copy | globalVars.c:30:15:30:18 | copy indirection |
-| globalVars.c:30:15:30:18 | copy | globalVars.c:35:11:35:14 | copy |
-| globalVars.c:30:15:30:18 | copy indirection | globalVars.c:19:25:19:27 | *str |
-| globalVars.c:30:15:30:18 | copy indirection | globalVars.c:30:15:30:18 | printWrapper output argument |
-| globalVars.c:30:15:30:18 | printWrapper output argument | globalVars.c:35:11:35:14 | copy |
-| globalVars.c:33:15:33:18 | copy | globalVars.c:35:11:35:14 | copy |
+| globalVars.c:24:11:24:14 | argv | globalVars.c:11:22:11:25 | argv |
+| globalVars.c:27:9:27:12 | Load | globalVars.c:27:9:27:12 | copy |
+| globalVars.c:27:9:27:12 | Load | globalVars.c:27:9:27:12 | copy |
+| globalVars.c:30:15:30:18 | Load | globalVars.c:30:15:30:18 | copy |
+| globalVars.c:30:15:30:18 | Load | globalVars.c:30:15:30:18 | copy |
+| globalVars.c:35:11:35:14 | Load | globalVars.c:35:11:35:14 | copy |
 | globalVars.c:35:11:35:14 | copy | globalVars.c:15:21:15:23 | val |
-| globalVars.c:35:11:35:14 | copy | globalVars.c:35:11:35:14 | copy |
-| globalVars.c:38:9:38:13 | copy2 | globalVars.c:38:9:38:13 | (const char *)... |
-| globalVars.c:38:9:38:13 | copy2 | globalVars.c:38:9:38:13 | copy2 |
-| globalVars.c:38:9:38:13 | copy2 | globalVars.c:38:9:38:13 | copy2 indirection |
-| globalVars.c:41:15:41:19 | copy2 | globalVars.c:41:15:41:19 | copy2 |
-| globalVars.c:41:15:41:19 | copy2 | globalVars.c:41:15:41:19 | copy2 |
-| globalVars.c:41:15:41:19 | copy2 | globalVars.c:41:15:41:19 | copy2 |
-| globalVars.c:41:15:41:19 | copy2 | globalVars.c:41:15:41:19 | copy2 indirection |
-| globalVars.c:41:15:41:19 | copy2 | globalVars.c:41:15:41:19 | copy2 indirection |
-| globalVars.c:41:15:41:19 | copy2 | globalVars.c:50:9:50:13 | (const char *)... |
-| globalVars.c:41:15:41:19 | copy2 | globalVars.c:50:9:50:13 | copy2 |
-| globalVars.c:41:15:41:19 | copy2 | globalVars.c:50:9:50:13 | copy2 |
-| globalVars.c:41:15:41:19 | copy2 | globalVars.c:50:9:50:13 | copy2 |
-| globalVars.c:41:15:41:19 | copy2 | globalVars.c:50:9:50:13 | copy2 indirection |
-| globalVars.c:41:15:41:19 | copy2 indirection | globalVars.c:19:25:19:27 | *str |
-| globalVars.c:41:15:41:19 | copy2 indirection | globalVars.c:41:15:41:19 | printWrapper output argument |
-| globalVars.c:41:15:41:19 | printWrapper output argument | globalVars.c:50:9:50:13 | (const char *)... |
-| globalVars.c:41:15:41:19 | printWrapper output argument | globalVars.c:50:9:50:13 | copy2 |
-| globalVars.c:41:15:41:19 | printWrapper output argument | globalVars.c:50:9:50:13 | copy2 |
-| globalVars.c:41:15:41:19 | printWrapper output argument | globalVars.c:50:9:50:13 | copy2 |
-| globalVars.c:41:15:41:19 | printWrapper output argument | globalVars.c:50:9:50:13 | copy2 indirection |
-| globalVars.c:44:15:44:19 | copy2 | globalVars.c:50:9:50:13 | (const char *)... |
-| globalVars.c:44:15:44:19 | copy2 | globalVars.c:50:9:50:13 | copy2 |
-| globalVars.c:44:15:44:19 | copy2 | globalVars.c:50:9:50:13 | copy2 |
-| globalVars.c:44:15:44:19 | copy2 | globalVars.c:50:9:50:13 | copy2 |
-| globalVars.c:44:15:44:19 | copy2 | globalVars.c:50:9:50:13 | copy2 indirection |
-| globalVars.c:50:9:50:13 | copy2 | globalVars.c:50:9:50:13 | (const char *)... |
-| globalVars.c:50:9:50:13 | copy2 | globalVars.c:50:9:50:13 | copy2 |
-| globalVars.c:50:9:50:13 | copy2 | globalVars.c:50:9:50:13 | copy2 indirection |
+| globalVars.c:38:9:38:13 | Load | globalVars.c:38:9:38:13 | copy2 |
+| globalVars.c:38:9:38:13 | Load | globalVars.c:38:9:38:13 | copy2 |
+| globalVars.c:41:15:41:19 | Load | globalVars.c:41:15:41:19 | copy2 |
+| globalVars.c:41:15:41:19 | Load | globalVars.c:41:15:41:19 | copy2 |
+| globalVars.c:50:9:50:13 | Load | globalVars.c:50:9:50:13 | copy2 |
+| globalVars.c:50:9:50:13 | Load | globalVars.c:50:9:50:13 | copy2 |
 subpaths
-| globalVars.c:30:15:30:18 | copy indirection | globalVars.c:19:25:19:27 | *str | globalVars.c:19:25:19:27 | ReturnIndirection | globalVars.c:30:15:30:18 | printWrapper output argument |
-| globalVars.c:41:15:41:19 | copy2 indirection | globalVars.c:19:25:19:27 | *str | globalVars.c:19:25:19:27 | ReturnIndirection | globalVars.c:41:15:41:19 | printWrapper output argument |
 nodes
 | globalVars.c:8:7:8:10 | copy | semmle.label | copy |
 | globalVars.c:9:7:9:11 | copy2 | semmle.label | copy2 |
-| globalVars.c:11:22:11:25 | *argv | semmle.label | *argv |
 | globalVars.c:11:22:11:25 | argv | semmle.label | argv |
 | globalVars.c:12:2:12:15 | Store | semmle.label | Store |
 | globalVars.c:15:21:15:23 | val | semmle.label | val |
 | globalVars.c:16:2:16:12 | Store | semmle.label | Store |
-| globalVars.c:19:25:19:27 | *str | semmle.label | *str |
-| globalVars.c:19:25:19:27 | ReturnIndirection | semmle.label | ReturnIndirection |
 | globalVars.c:24:11:24:14 | argv | semmle.label | argv |
 | globalVars.c:24:11:24:14 | argv | semmle.label | argv |
-| globalVars.c:24:11:24:14 | argv | semmle.label | argv |
-| globalVars.c:24:11:24:14 | argv indirection | semmle.label | argv indirection |
-| globalVars.c:27:9:27:12 | (const char *)... | semmle.label | (const char *)... |
-| globalVars.c:27:9:27:12 | (const char *)... | semmle.label | (const char *)... |
+| globalVars.c:27:9:27:12 | Load | semmle.label | Load |
 | globalVars.c:27:9:27:12 | copy | semmle.label | copy |
 | globalVars.c:27:9:27:12 | copy | semmle.label | copy |
 | globalVars.c:27:9:27:12 | copy | semmle.label | copy |
-| globalVars.c:27:9:27:12 | copy indirection | semmle.label | copy indirection |
-| globalVars.c:27:9:27:12 | copy indirection | semmle.label | copy indirection |
+| globalVars.c:30:15:30:18 | Load | semmle.label | Load |
 | globalVars.c:30:15:30:18 | copy | semmle.label | copy |
 | globalVars.c:30:15:30:18 | copy | semmle.label | copy |
 | globalVars.c:30:15:30:18 | copy | semmle.label | copy |
-| globalVars.c:30:15:30:18 | copy indirection | semmle.label | copy indirection |
-| globalVars.c:30:15:30:18 | copy indirection | semmle.label | copy indirection |
-| globalVars.c:30:15:30:18 | printWrapper output argument | semmle.label | printWrapper output argument |
-| globalVars.c:33:15:33:18 | copy | semmle.label | copy |
+| globalVars.c:35:11:35:14 | Load | semmle.label | Load |
 | globalVars.c:35:11:35:14 | copy | semmle.label | copy |
-| globalVars.c:35:11:35:14 | copy | semmle.label | copy |
-| globalVars.c:38:9:38:13 | (const char *)... | semmle.label | (const char *)... |
-| globalVars.c:38:9:38:13 | (const char *)... | semmle.label | (const char *)... |
+| globalVars.c:38:9:38:13 | Load | semmle.label | Load |
 | globalVars.c:38:9:38:13 | copy2 | semmle.label | copy2 |
 | globalVars.c:38:9:38:13 | copy2 | semmle.label | copy2 |
 | globalVars.c:38:9:38:13 | copy2 | semmle.label | copy2 |
-| globalVars.c:38:9:38:13 | copy2 indirection | semmle.label | copy2 indirection |
-| globalVars.c:38:9:38:13 | copy2 indirection | semmle.label | copy2 indirection |
+| globalVars.c:41:15:41:19 | Load | semmle.label | Load |
 | globalVars.c:41:15:41:19 | copy2 | semmle.label | copy2 |
 | globalVars.c:41:15:41:19 | copy2 | semmle.label | copy2 |
 | globalVars.c:41:15:41:19 | copy2 | semmle.label | copy2 |
-| globalVars.c:41:15:41:19 | copy2 indirection | semmle.label | copy2 indirection |
-| globalVars.c:41:15:41:19 | copy2 indirection | semmle.label | copy2 indirection |
-| globalVars.c:41:15:41:19 | printWrapper output argument | semmle.label | printWrapper output argument |
-| globalVars.c:44:15:44:19 | copy2 | semmle.label | copy2 |
-| globalVars.c:50:9:50:13 | (const char *)... | semmle.label | (const char *)... |
-| globalVars.c:50:9:50:13 | (const char *)... | semmle.label | (const char *)... |
+| globalVars.c:50:9:50:13 | Load | semmle.label | Load |
 | globalVars.c:50:9:50:13 | copy2 | semmle.label | copy2 |
 | globalVars.c:50:9:50:13 | copy2 | semmle.label | copy2 |
 | globalVars.c:50:9:50:13 | copy2 | semmle.label | copy2 |
-| globalVars.c:50:9:50:13 | copy2 indirection | semmle.label | copy2 indirection |
-| globalVars.c:50:9:50:13 | copy2 indirection | semmle.label | copy2 indirection |
 #select
 | globalVars.c:27:9:27:12 | copy | globalVars.c:24:11:24:14 | argv | globalVars.c:27:9:27:12 | copy | The value of this argument may come from $@ and is being used as a formatting argument to printf(format). | globalVars.c:24:11:24:14 | argv | argv |
 | globalVars.c:30:15:30:18 | copy | globalVars.c:24:11:24:14 | argv | globalVars.c:30:15:30:18 | copy | The value of this argument may come from $@ and is being used as a formatting argument to printWrapper(str), which calls printf(format). | globalVars.c:24:11:24:14 | argv | argv |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/ifs/ifs.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-134/semmle/ifs/ifs.expected
@@ -1,193 +1,149 @@
 edges
-| ifs.c:61:8:61:11 | argv | ifs.c:62:9:62:10 | (const char *)... |
-| ifs.c:61:8:61:11 | argv | ifs.c:62:9:62:10 | (const char *)... |
 | ifs.c:61:8:61:11 | argv | ifs.c:62:9:62:10 | c7 |
 | ifs.c:61:8:61:11 | argv | ifs.c:62:9:62:10 | c7 |
 | ifs.c:61:8:61:11 | argv | ifs.c:62:9:62:10 | c7 |
 | ifs.c:61:8:61:11 | argv | ifs.c:62:9:62:10 | c7 |
-| ifs.c:61:8:61:11 | argv | ifs.c:62:9:62:10 | c7 indirection |
-| ifs.c:61:8:61:11 | argv | ifs.c:62:9:62:10 | c7 indirection |
-| ifs.c:68:8:68:11 | argv | ifs.c:69:9:69:10 | (const char *)... |
-| ifs.c:68:8:68:11 | argv | ifs.c:69:9:69:10 | (const char *)... |
+| ifs.c:61:8:61:11 | argv | ifs.c:62:9:62:10 | c7 |
+| ifs.c:61:8:61:11 | argv | ifs.c:62:9:62:10 | c7 |
+| ifs.c:68:8:68:11 | argv | ifs.c:69:9:69:10 | c8 |
+| ifs.c:68:8:68:11 | argv | ifs.c:69:9:69:10 | c8 |
 | ifs.c:68:8:68:11 | argv | ifs.c:69:9:69:10 | c8 |
 | ifs.c:68:8:68:11 | argv | ifs.c:69:9:69:10 | c8 |
 | ifs.c:68:8:68:11 | argv | ifs.c:69:9:69:10 | c8 |
 | ifs.c:68:8:68:11 | argv | ifs.c:69:9:69:10 | c8 |
-| ifs.c:68:8:68:11 | argv | ifs.c:69:9:69:10 | c8 indirection |
-| ifs.c:68:8:68:11 | argv | ifs.c:69:9:69:10 | c8 indirection |
-| ifs.c:74:8:74:11 | argv | ifs.c:75:9:75:10 | (const char *)... |
-| ifs.c:74:8:74:11 | argv | ifs.c:75:9:75:10 | (const char *)... |
 | ifs.c:74:8:74:11 | argv | ifs.c:75:9:75:10 | i1 |
 | ifs.c:74:8:74:11 | argv | ifs.c:75:9:75:10 | i1 |
 | ifs.c:74:8:74:11 | argv | ifs.c:75:9:75:10 | i1 |
 | ifs.c:74:8:74:11 | argv | ifs.c:75:9:75:10 | i1 |
-| ifs.c:74:8:74:11 | argv | ifs.c:75:9:75:10 | i1 indirection |
-| ifs.c:74:8:74:11 | argv | ifs.c:75:9:75:10 | i1 indirection |
-| ifs.c:80:8:80:11 | argv | ifs.c:81:9:81:10 | (const char *)... |
-| ifs.c:80:8:80:11 | argv | ifs.c:81:9:81:10 | (const char *)... |
+| ifs.c:74:8:74:11 | argv | ifs.c:75:9:75:10 | i1 |
+| ifs.c:74:8:74:11 | argv | ifs.c:75:9:75:10 | i1 |
+| ifs.c:80:8:80:11 | argv | ifs.c:81:9:81:10 | i2 |
+| ifs.c:80:8:80:11 | argv | ifs.c:81:9:81:10 | i2 |
 | ifs.c:80:8:80:11 | argv | ifs.c:81:9:81:10 | i2 |
 | ifs.c:80:8:80:11 | argv | ifs.c:81:9:81:10 | i2 |
 | ifs.c:80:8:80:11 | argv | ifs.c:81:9:81:10 | i2 |
 | ifs.c:80:8:80:11 | argv | ifs.c:81:9:81:10 | i2 |
-| ifs.c:80:8:80:11 | argv | ifs.c:81:9:81:10 | i2 indirection |
-| ifs.c:80:8:80:11 | argv | ifs.c:81:9:81:10 | i2 indirection |
-| ifs.c:86:8:86:11 | argv | ifs.c:87:9:87:10 | (const char *)... |
-| ifs.c:86:8:86:11 | argv | ifs.c:87:9:87:10 | (const char *)... |
 | ifs.c:86:8:86:11 | argv | ifs.c:87:9:87:10 | i3 |
 | ifs.c:86:8:86:11 | argv | ifs.c:87:9:87:10 | i3 |
 | ifs.c:86:8:86:11 | argv | ifs.c:87:9:87:10 | i3 |
 | ifs.c:86:8:86:11 | argv | ifs.c:87:9:87:10 | i3 |
-| ifs.c:86:8:86:11 | argv | ifs.c:87:9:87:10 | i3 indirection |
-| ifs.c:86:8:86:11 | argv | ifs.c:87:9:87:10 | i3 indirection |
-| ifs.c:92:8:92:11 | argv | ifs.c:93:9:93:10 | (const char *)... |
-| ifs.c:92:8:92:11 | argv | ifs.c:93:9:93:10 | (const char *)... |
+| ifs.c:86:8:86:11 | argv | ifs.c:87:9:87:10 | i3 |
+| ifs.c:86:8:86:11 | argv | ifs.c:87:9:87:10 | i3 |
+| ifs.c:92:8:92:11 | argv | ifs.c:93:9:93:10 | i4 |
+| ifs.c:92:8:92:11 | argv | ifs.c:93:9:93:10 | i4 |
 | ifs.c:92:8:92:11 | argv | ifs.c:93:9:93:10 | i4 |
 | ifs.c:92:8:92:11 | argv | ifs.c:93:9:93:10 | i4 |
 | ifs.c:92:8:92:11 | argv | ifs.c:93:9:93:10 | i4 |
 | ifs.c:92:8:92:11 | argv | ifs.c:93:9:93:10 | i4 |
-| ifs.c:92:8:92:11 | argv | ifs.c:93:9:93:10 | i4 indirection |
-| ifs.c:92:8:92:11 | argv | ifs.c:93:9:93:10 | i4 indirection |
-| ifs.c:98:8:98:11 | argv | ifs.c:99:9:99:10 | (const char *)... |
-| ifs.c:98:8:98:11 | argv | ifs.c:99:9:99:10 | (const char *)... |
 | ifs.c:98:8:98:11 | argv | ifs.c:99:9:99:10 | i5 |
 | ifs.c:98:8:98:11 | argv | ifs.c:99:9:99:10 | i5 |
 | ifs.c:98:8:98:11 | argv | ifs.c:99:9:99:10 | i5 |
 | ifs.c:98:8:98:11 | argv | ifs.c:99:9:99:10 | i5 |
-| ifs.c:98:8:98:11 | argv | ifs.c:99:9:99:10 | i5 indirection |
-| ifs.c:98:8:98:11 | argv | ifs.c:99:9:99:10 | i5 indirection |
-| ifs.c:105:8:105:11 | argv | ifs.c:106:9:106:10 | (const char *)... |
-| ifs.c:105:8:105:11 | argv | ifs.c:106:9:106:10 | (const char *)... |
+| ifs.c:98:8:98:11 | argv | ifs.c:99:9:99:10 | i5 |
+| ifs.c:98:8:98:11 | argv | ifs.c:99:9:99:10 | i5 |
+| ifs.c:105:8:105:11 | argv | ifs.c:106:9:106:10 | i6 |
+| ifs.c:105:8:105:11 | argv | ifs.c:106:9:106:10 | i6 |
 | ifs.c:105:8:105:11 | argv | ifs.c:106:9:106:10 | i6 |
 | ifs.c:105:8:105:11 | argv | ifs.c:106:9:106:10 | i6 |
 | ifs.c:105:8:105:11 | argv | ifs.c:106:9:106:10 | i6 |
 | ifs.c:105:8:105:11 | argv | ifs.c:106:9:106:10 | i6 |
-| ifs.c:105:8:105:11 | argv | ifs.c:106:9:106:10 | i6 indirection |
-| ifs.c:105:8:105:11 | argv | ifs.c:106:9:106:10 | i6 indirection |
-| ifs.c:111:8:111:11 | argv | ifs.c:112:9:112:10 | (const char *)... |
-| ifs.c:111:8:111:11 | argv | ifs.c:112:9:112:10 | (const char *)... |
 | ifs.c:111:8:111:11 | argv | ifs.c:112:9:112:10 | i7 |
 | ifs.c:111:8:111:11 | argv | ifs.c:112:9:112:10 | i7 |
 | ifs.c:111:8:111:11 | argv | ifs.c:112:9:112:10 | i7 |
 | ifs.c:111:8:111:11 | argv | ifs.c:112:9:112:10 | i7 |
-| ifs.c:111:8:111:11 | argv | ifs.c:112:9:112:10 | i7 indirection |
-| ifs.c:111:8:111:11 | argv | ifs.c:112:9:112:10 | i7 indirection |
-| ifs.c:117:8:117:11 | argv | ifs.c:118:9:118:10 | (const char *)... |
-| ifs.c:117:8:117:11 | argv | ifs.c:118:9:118:10 | (const char *)... |
+| ifs.c:111:8:111:11 | argv | ifs.c:112:9:112:10 | i7 |
+| ifs.c:111:8:111:11 | argv | ifs.c:112:9:112:10 | i7 |
+| ifs.c:117:8:117:11 | argv | ifs.c:118:9:118:10 | i8 |
+| ifs.c:117:8:117:11 | argv | ifs.c:118:9:118:10 | i8 |
 | ifs.c:117:8:117:11 | argv | ifs.c:118:9:118:10 | i8 |
 | ifs.c:117:8:117:11 | argv | ifs.c:118:9:118:10 | i8 |
 | ifs.c:117:8:117:11 | argv | ifs.c:118:9:118:10 | i8 |
 | ifs.c:117:8:117:11 | argv | ifs.c:118:9:118:10 | i8 |
-| ifs.c:117:8:117:11 | argv | ifs.c:118:9:118:10 | i8 indirection |
-| ifs.c:117:8:117:11 | argv | ifs.c:118:9:118:10 | i8 indirection |
-| ifs.c:123:8:123:11 | argv | ifs.c:124:9:124:10 | (const char *)... |
-| ifs.c:123:8:123:11 | argv | ifs.c:124:9:124:10 | (const char *)... |
 | ifs.c:123:8:123:11 | argv | ifs.c:124:9:124:10 | i9 |
 | ifs.c:123:8:123:11 | argv | ifs.c:124:9:124:10 | i9 |
 | ifs.c:123:8:123:11 | argv | ifs.c:124:9:124:10 | i9 |
 | ifs.c:123:8:123:11 | argv | ifs.c:124:9:124:10 | i9 |
-| ifs.c:123:8:123:11 | argv | ifs.c:124:9:124:10 | i9 indirection |
-| ifs.c:123:8:123:11 | argv | ifs.c:124:9:124:10 | i9 indirection |
+| ifs.c:123:8:123:11 | argv | ifs.c:124:9:124:10 | i9 |
+| ifs.c:123:8:123:11 | argv | ifs.c:124:9:124:10 | i9 |
 subpaths
 nodes
 | ifs.c:61:8:61:11 | argv | semmle.label | argv |
 | ifs.c:61:8:61:11 | argv | semmle.label | argv |
-| ifs.c:62:9:62:10 | (const char *)... | semmle.label | (const char *)... |
-| ifs.c:62:9:62:10 | (const char *)... | semmle.label | (const char *)... |
 | ifs.c:62:9:62:10 | c7 | semmle.label | c7 |
 | ifs.c:62:9:62:10 | c7 | semmle.label | c7 |
 | ifs.c:62:9:62:10 | c7 | semmle.label | c7 |
-| ifs.c:62:9:62:10 | c7 indirection | semmle.label | c7 indirection |
-| ifs.c:62:9:62:10 | c7 indirection | semmle.label | c7 indirection |
+| ifs.c:62:9:62:10 | c7 | semmle.label | c7 |
+| ifs.c:62:9:62:10 | c7 | semmle.label | c7 |
 | ifs.c:68:8:68:11 | argv | semmle.label | argv |
 | ifs.c:68:8:68:11 | argv | semmle.label | argv |
-| ifs.c:69:9:69:10 | (const char *)... | semmle.label | (const char *)... |
-| ifs.c:69:9:69:10 | (const char *)... | semmle.label | (const char *)... |
 | ifs.c:69:9:69:10 | c8 | semmle.label | c8 |
 | ifs.c:69:9:69:10 | c8 | semmle.label | c8 |
 | ifs.c:69:9:69:10 | c8 | semmle.label | c8 |
-| ifs.c:69:9:69:10 | c8 indirection | semmle.label | c8 indirection |
-| ifs.c:69:9:69:10 | c8 indirection | semmle.label | c8 indirection |
+| ifs.c:69:9:69:10 | c8 | semmle.label | c8 |
+| ifs.c:69:9:69:10 | c8 | semmle.label | c8 |
 | ifs.c:74:8:74:11 | argv | semmle.label | argv |
 | ifs.c:74:8:74:11 | argv | semmle.label | argv |
-| ifs.c:75:9:75:10 | (const char *)... | semmle.label | (const char *)... |
-| ifs.c:75:9:75:10 | (const char *)... | semmle.label | (const char *)... |
 | ifs.c:75:9:75:10 | i1 | semmle.label | i1 |
 | ifs.c:75:9:75:10 | i1 | semmle.label | i1 |
 | ifs.c:75:9:75:10 | i1 | semmle.label | i1 |
-| ifs.c:75:9:75:10 | i1 indirection | semmle.label | i1 indirection |
-| ifs.c:75:9:75:10 | i1 indirection | semmle.label | i1 indirection |
+| ifs.c:75:9:75:10 | i1 | semmle.label | i1 |
+| ifs.c:75:9:75:10 | i1 | semmle.label | i1 |
 | ifs.c:80:8:80:11 | argv | semmle.label | argv |
 | ifs.c:80:8:80:11 | argv | semmle.label | argv |
-| ifs.c:81:9:81:10 | (const char *)... | semmle.label | (const char *)... |
-| ifs.c:81:9:81:10 | (const char *)... | semmle.label | (const char *)... |
 | ifs.c:81:9:81:10 | i2 | semmle.label | i2 |
 | ifs.c:81:9:81:10 | i2 | semmle.label | i2 |
 | ifs.c:81:9:81:10 | i2 | semmle.label | i2 |
-| ifs.c:81:9:81:10 | i2 indirection | semmle.label | i2 indirection |
-| ifs.c:81:9:81:10 | i2 indirection | semmle.label | i2 indirection |
+| ifs.c:81:9:81:10 | i2 | semmle.label | i2 |
+| ifs.c:81:9:81:10 | i2 | semmle.label | i2 |
 | ifs.c:86:8:86:11 | argv | semmle.label | argv |
 | ifs.c:86:8:86:11 | argv | semmle.label | argv |
-| ifs.c:87:9:87:10 | (const char *)... | semmle.label | (const char *)... |
-| ifs.c:87:9:87:10 | (const char *)... | semmle.label | (const char *)... |
 | ifs.c:87:9:87:10 | i3 | semmle.label | i3 |
 | ifs.c:87:9:87:10 | i3 | semmle.label | i3 |
 | ifs.c:87:9:87:10 | i3 | semmle.label | i3 |
-| ifs.c:87:9:87:10 | i3 indirection | semmle.label | i3 indirection |
-| ifs.c:87:9:87:10 | i3 indirection | semmle.label | i3 indirection |
+| ifs.c:87:9:87:10 | i3 | semmle.label | i3 |
+| ifs.c:87:9:87:10 | i3 | semmle.label | i3 |
 | ifs.c:92:8:92:11 | argv | semmle.label | argv |
 | ifs.c:92:8:92:11 | argv | semmle.label | argv |
-| ifs.c:93:9:93:10 | (const char *)... | semmle.label | (const char *)... |
-| ifs.c:93:9:93:10 | (const char *)... | semmle.label | (const char *)... |
 | ifs.c:93:9:93:10 | i4 | semmle.label | i4 |
 | ifs.c:93:9:93:10 | i4 | semmle.label | i4 |
 | ifs.c:93:9:93:10 | i4 | semmle.label | i4 |
-| ifs.c:93:9:93:10 | i4 indirection | semmle.label | i4 indirection |
-| ifs.c:93:9:93:10 | i4 indirection | semmle.label | i4 indirection |
+| ifs.c:93:9:93:10 | i4 | semmle.label | i4 |
+| ifs.c:93:9:93:10 | i4 | semmle.label | i4 |
 | ifs.c:98:8:98:11 | argv | semmle.label | argv |
 | ifs.c:98:8:98:11 | argv | semmle.label | argv |
-| ifs.c:99:9:99:10 | (const char *)... | semmle.label | (const char *)... |
-| ifs.c:99:9:99:10 | (const char *)... | semmle.label | (const char *)... |
 | ifs.c:99:9:99:10 | i5 | semmle.label | i5 |
 | ifs.c:99:9:99:10 | i5 | semmle.label | i5 |
 | ifs.c:99:9:99:10 | i5 | semmle.label | i5 |
-| ifs.c:99:9:99:10 | i5 indirection | semmle.label | i5 indirection |
-| ifs.c:99:9:99:10 | i5 indirection | semmle.label | i5 indirection |
+| ifs.c:99:9:99:10 | i5 | semmle.label | i5 |
+| ifs.c:99:9:99:10 | i5 | semmle.label | i5 |
 | ifs.c:105:8:105:11 | argv | semmle.label | argv |
 | ifs.c:105:8:105:11 | argv | semmle.label | argv |
-| ifs.c:106:9:106:10 | (const char *)... | semmle.label | (const char *)... |
-| ifs.c:106:9:106:10 | (const char *)... | semmle.label | (const char *)... |
 | ifs.c:106:9:106:10 | i6 | semmle.label | i6 |
 | ifs.c:106:9:106:10 | i6 | semmle.label | i6 |
 | ifs.c:106:9:106:10 | i6 | semmle.label | i6 |
-| ifs.c:106:9:106:10 | i6 indirection | semmle.label | i6 indirection |
-| ifs.c:106:9:106:10 | i6 indirection | semmle.label | i6 indirection |
+| ifs.c:106:9:106:10 | i6 | semmle.label | i6 |
+| ifs.c:106:9:106:10 | i6 | semmle.label | i6 |
 | ifs.c:111:8:111:11 | argv | semmle.label | argv |
 | ifs.c:111:8:111:11 | argv | semmle.label | argv |
-| ifs.c:112:9:112:10 | (const char *)... | semmle.label | (const char *)... |
-| ifs.c:112:9:112:10 | (const char *)... | semmle.label | (const char *)... |
 | ifs.c:112:9:112:10 | i7 | semmle.label | i7 |
 | ifs.c:112:9:112:10 | i7 | semmle.label | i7 |
 | ifs.c:112:9:112:10 | i7 | semmle.label | i7 |
-| ifs.c:112:9:112:10 | i7 indirection | semmle.label | i7 indirection |
-| ifs.c:112:9:112:10 | i7 indirection | semmle.label | i7 indirection |
+| ifs.c:112:9:112:10 | i7 | semmle.label | i7 |
+| ifs.c:112:9:112:10 | i7 | semmle.label | i7 |
 | ifs.c:117:8:117:11 | argv | semmle.label | argv |
 | ifs.c:117:8:117:11 | argv | semmle.label | argv |
-| ifs.c:118:9:118:10 | (const char *)... | semmle.label | (const char *)... |
-| ifs.c:118:9:118:10 | (const char *)... | semmle.label | (const char *)... |
 | ifs.c:118:9:118:10 | i8 | semmle.label | i8 |
 | ifs.c:118:9:118:10 | i8 | semmle.label | i8 |
 | ifs.c:118:9:118:10 | i8 | semmle.label | i8 |
-| ifs.c:118:9:118:10 | i8 indirection | semmle.label | i8 indirection |
-| ifs.c:118:9:118:10 | i8 indirection | semmle.label | i8 indirection |
+| ifs.c:118:9:118:10 | i8 | semmle.label | i8 |
+| ifs.c:118:9:118:10 | i8 | semmle.label | i8 |
 | ifs.c:123:8:123:11 | argv | semmle.label | argv |
 | ifs.c:123:8:123:11 | argv | semmle.label | argv |
-| ifs.c:124:9:124:10 | (const char *)... | semmle.label | (const char *)... |
-| ifs.c:124:9:124:10 | (const char *)... | semmle.label | (const char *)... |
 | ifs.c:124:9:124:10 | i9 | semmle.label | i9 |
 | ifs.c:124:9:124:10 | i9 | semmle.label | i9 |
 | ifs.c:124:9:124:10 | i9 | semmle.label | i9 |
-| ifs.c:124:9:124:10 | i9 indirection | semmle.label | i9 indirection |
-| ifs.c:124:9:124:10 | i9 indirection | semmle.label | i9 indirection |
+| ifs.c:124:9:124:10 | i9 | semmle.label | i9 |
+| ifs.c:124:9:124:10 | i9 | semmle.label | i9 |
 #select
 | ifs.c:62:9:62:10 | c7 | ifs.c:61:8:61:11 | argv | ifs.c:62:9:62:10 | c7 | The value of this argument may come from $@ and is being used as a formatting argument to printf(format). | ifs.c:61:8:61:11 | argv | argv |
 | ifs.c:69:9:69:10 | c8 | ifs.c:68:8:68:11 | argv | ifs.c:69:9:69:10 | c8 | The value of this argument may come from $@ and is being used as a formatting argument to printf(format). | ifs.c:68:8:68:11 | argv | argv |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/ArithmeticUncontrolled.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticUncontrolled/ArithmeticUncontrolled.expected
@@ -11,17 +11,20 @@ edges
 | test.c:137:13:137:16 | call to rand | test.c:139:10:139:10 | r |
 | test.c:155:22:155:25 | call to rand | test.c:157:9:157:9 | r |
 | test.c:155:22:155:27 | (unsigned int)... | test.c:157:9:157:9 | r |
-| test.cpp:6:5:6:12 | ReturnValue | test.cpp:24:11:24:18 | call to get_rand |
-| test.cpp:8:9:8:12 | call to rand | test.cpp:6:5:6:12 | ReturnValue |
-| test.cpp:13:2:13:6 | * ... [post update] | test.cpp:30:13:30:14 | & ... [post update] |
-| test.cpp:13:10:13:13 | call to rand | test.cpp:13:2:13:6 | * ... [post update] |
-| test.cpp:13:10:13:13 | call to rand | test.cpp:30:13:30:14 | & ... [post update] |
-| test.cpp:18:2:18:5 | (reference dereference) [post update] | test.cpp:36:13:36:13 | r [post update] |
-| test.cpp:18:9:18:12 | call to rand | test.cpp:18:2:18:5 | (reference dereference) [post update] |
-| test.cpp:18:9:18:12 | call to rand | test.cpp:36:13:36:13 | r [post update] |
-| test.cpp:24:11:24:18 | call to get_rand | test.cpp:25:7:25:7 | r |
-| test.cpp:30:13:30:14 | & ... [post update] | test.cpp:31:7:31:7 | r |
-| test.cpp:36:13:36:13 | r [post update] | test.cpp:37:7:37:7 | r |
+| test.cpp:6:5:6:12 | VariableAddress indirection | test.cpp:25:7:25:7 | r |
+| test.cpp:8:9:8:12 | call to rand | test.cpp:6:5:6:12 | VariableAddress indirection |
+| test.cpp:11:21:11:24 | Load indirection | test.cpp:30:13:30:14 | get_rand2 output argument |
+| test.cpp:13:10:13:13 | call to rand | test.cpp:11:21:11:24 | Load indirection |
+| test.cpp:16:21:16:24 | Load indirection | test.cpp:36:13:36:13 | get_rand3 output argument |
+| test.cpp:18:9:18:12 | call to rand | test.cpp:16:21:16:24 | Load indirection |
+| test.cpp:30:13:30:14 | get_rand2 output argument | test.cpp:31:7:31:7 | r |
+| test.cpp:36:13:36:13 | get_rand3 output argument | test.cpp:37:7:37:7 | r |
+| test.cpp:71:23:71:31 | buf_start indirection | test.cpp:75:9:75:11 | len |
+| test.cpp:71:40:71:46 | buf_end indirection | test.cpp:75:9:75:11 | len |
+| test.cpp:80:50:80:53 | call to rand | test.cpp:81:14:81:16 | buf indirection |
+| test.cpp:80:50:80:53 | call to rand | test.cpp:81:19:81:30 | ... + ... indirection |
+| test.cpp:81:14:81:16 | buf indirection | test.cpp:71:23:71:31 | buf_start indirection |
+| test.cpp:81:19:81:30 | ... + ... indirection | test.cpp:71:40:71:46 | buf_end indirection |
 | test.cpp:86:10:86:13 | call to rand | test.cpp:90:10:90:10 | x |
 | test.cpp:98:10:98:13 | call to rand | test.cpp:102:10:102:10 | x |
 | test.cpp:137:10:137:13 | call to rand | test.cpp:146:9:146:9 | y |
@@ -57,18 +60,23 @@ nodes
 | test.c:155:22:155:25 | call to rand | semmle.label | call to rand |
 | test.c:155:22:155:27 | (unsigned int)... | semmle.label | (unsigned int)... |
 | test.c:157:9:157:9 | r | semmle.label | r |
-| test.cpp:6:5:6:12 | ReturnValue | semmle.label | ReturnValue |
+| test.cpp:6:5:6:12 | VariableAddress indirection | semmle.label | VariableAddress indirection |
 | test.cpp:8:9:8:12 | call to rand | semmle.label | call to rand |
-| test.cpp:13:2:13:6 | * ... [post update] | semmle.label | * ... [post update] |
+| test.cpp:11:21:11:24 | Load indirection | semmle.label | Load indirection |
 | test.cpp:13:10:13:13 | call to rand | semmle.label | call to rand |
-| test.cpp:18:2:18:5 | (reference dereference) [post update] | semmle.label | (reference dereference) [post update] |
+| test.cpp:16:21:16:24 | Load indirection | semmle.label | Load indirection |
 | test.cpp:18:9:18:12 | call to rand | semmle.label | call to rand |
-| test.cpp:24:11:24:18 | call to get_rand | semmle.label | call to get_rand |
 | test.cpp:25:7:25:7 | r | semmle.label | r |
-| test.cpp:30:13:30:14 | & ... [post update] | semmle.label | & ... [post update] |
+| test.cpp:30:13:30:14 | get_rand2 output argument | semmle.label | get_rand2 output argument |
 | test.cpp:31:7:31:7 | r | semmle.label | r |
-| test.cpp:36:13:36:13 | r [post update] | semmle.label | r [post update] |
+| test.cpp:36:13:36:13 | get_rand3 output argument | semmle.label | get_rand3 output argument |
 | test.cpp:37:7:37:7 | r | semmle.label | r |
+| test.cpp:71:23:71:31 | buf_start indirection | semmle.label | buf_start indirection |
+| test.cpp:71:40:71:46 | buf_end indirection | semmle.label | buf_end indirection |
+| test.cpp:75:9:75:11 | len | semmle.label | len |
+| test.cpp:80:50:80:53 | call to rand | semmle.label | call to rand |
+| test.cpp:81:14:81:16 | buf indirection | semmle.label | buf indirection |
+| test.cpp:81:19:81:30 | ... + ... indirection | semmle.label | ... + ... indirection |
 | test.cpp:86:10:86:13 | call to rand | semmle.label | call to rand |
 | test.cpp:90:10:90:10 | x | semmle.label | x |
 | test.cpp:98:10:98:13 | call to rand | semmle.label | call to rand |
@@ -107,6 +115,7 @@ subpaths
 | test.cpp:25:7:25:7 | r | test.cpp:8:9:8:12 | call to rand | test.cpp:25:7:25:7 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:8:9:8:12 | call to rand | uncontrolled value |
 | test.cpp:31:7:31:7 | r | test.cpp:13:10:13:13 | call to rand | test.cpp:31:7:31:7 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:13:10:13:13 | call to rand | uncontrolled value |
 | test.cpp:37:7:37:7 | r | test.cpp:18:9:18:12 | call to rand | test.cpp:37:7:37:7 | r | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:18:9:18:12 | call to rand | uncontrolled value |
+| test.cpp:75:9:75:11 | len | test.cpp:80:50:80:53 | call to rand | test.cpp:75:9:75:11 | len | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:80:50:80:53 | call to rand | uncontrolled value |
 | test.cpp:90:10:90:10 | x | test.cpp:86:10:86:13 | call to rand | test.cpp:90:10:90:10 | x | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:86:10:86:13 | call to rand | uncontrolled value |
 | test.cpp:102:10:102:10 | x | test.cpp:98:10:98:13 | call to rand | test.cpp:102:10:102:10 | x | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:98:10:98:13 | call to rand | uncontrolled value |
 | test.cpp:146:9:146:9 | y | test.cpp:137:10:137:13 | call to rand | test.cpp:146:9:146:9 | y | This arithmetic expression depends on an $@, potentially causing an overflow. | test.cpp:137:10:137:13 | call to rand | uncontrolled value |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticWithExtremeValues/ArithmeticWithExtremeValues.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/ArithmeticWithExtremeValues/ArithmeticWithExtremeValues.expected
@@ -3,4 +3,5 @@
 | test.c:50:3:50:5 | sc3 | $@ flows to an operand of an arithmetic expression, potentially causing an overflow. | test.c:49:9:49:16 | 127 | Extreme value |
 | test.c:59:3:59:5 | sc6 | $@ flows to an operand of an arithmetic expression, potentially causing an overflow. | test.c:58:9:58:16 | 127 | Extreme value |
 | test.c:63:3:63:5 | sc8 | $@ flows to an operand of an arithmetic expression, potentially causing an underflow. | test.c:62:9:62:16 | - ... | Extreme value |
+| test.c:104:9:104:9 | x | $@ flows to an operand of an arithmetic expression, potentially causing an overflow. | test.c:98:17:98:23 | 2147483647 | Extreme value |
 | test.c:124:9:124:9 | x | $@ flows to an operand of an arithmetic expression, potentially causing an overflow. | test.c:118:17:118:23 | 2147483647 | Extreme value |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected
@@ -5,11 +5,17 @@ edges
 | test.cpp:40:21:40:24 | argv | test.cpp:49:32:49:35 | size |
 | test.cpp:40:21:40:24 | argv | test.cpp:50:26:50:29 | size |
 | test.cpp:40:21:40:24 | argv | test.cpp:53:35:53:60 | ... * ... |
+| test.cpp:124:18:124:23 | call to getenv | test.cpp:125:29:125:32 | size |
 | test.cpp:124:18:124:23 | call to getenv | test.cpp:128:24:128:41 | ... * ... |
+| test.cpp:125:29:125:32 | size | test.cpp:127:24:127:49 | ... * ... |
 | test.cpp:133:19:133:24 | call to getenv | test.cpp:135:10:135:27 | ... * ... |
 | test.cpp:148:20:148:25 | call to getenv | test.cpp:152:11:152:28 | ... * ... |
-| test.cpp:209:8:209:23 | ReturnValue | test.cpp:241:9:241:24 | call to get_tainted_size |
-| test.cpp:211:14:211:19 | call to getenv | test.cpp:209:8:209:23 | ReturnValue |
+| test.cpp:157:19:157:24 | call to getenv | test.cpp:161:11:161:28 | ... * ... |
+| test.cpp:184:19:184:24 | call to getenv | test.cpp:186:10:186:27 | ... * ... |
+| test.cpp:209:8:209:23 | VariableAddress indirection | test.cpp:241:9:241:24 | call to get_tainted_size |
+| test.cpp:211:14:211:19 | call to getenv | test.cpp:209:8:209:23 | VariableAddress indirection |
+| test.cpp:214:8:214:23 | VariableAddress indirection | test.cpp:242:9:242:24 | call to get_bounded_size |
+| test.cpp:216:18:216:23 | call to getenv | test.cpp:214:8:214:23 | VariableAddress indirection |
 | test.cpp:224:23:224:23 | s | test.cpp:225:21:225:21 | s |
 | test.cpp:230:21:230:21 | s | test.cpp:231:21:231:21 | s |
 | test.cpp:237:24:237:29 | call to getenv | test.cpp:239:9:239:18 | local_size |
@@ -17,14 +23,13 @@ edges
 | test.cpp:237:24:237:29 | call to getenv | test.cpp:247:10:247:19 | local_size |
 | test.cpp:245:11:245:20 | local_size | test.cpp:224:23:224:23 | s |
 | test.cpp:247:10:247:19 | local_size | test.cpp:230:21:230:21 | s |
-| test.cpp:251:2:251:9 | (reference dereference) [post update] | test.cpp:289:17:289:20 | size [post update] |
-| test.cpp:251:2:251:9 | (reference dereference) [post update] | test.cpp:305:18:305:21 | size [post update] |
-| test.cpp:251:18:251:23 | call to getenv | test.cpp:251:2:251:9 | (reference dereference) [post update] |
-| test.cpp:251:18:251:23 | call to getenv | test.cpp:289:17:289:20 | size [post update] |
-| test.cpp:251:18:251:23 | call to getenv | test.cpp:305:18:305:21 | size [post update] |
+| test.cpp:250:20:250:27 | Load indirection | test.cpp:289:17:289:20 | get_size output argument |
+| test.cpp:250:20:250:27 | Load indirection | test.cpp:305:18:305:21 | get_size output argument |
+| test.cpp:251:18:251:23 | call to getenv | test.cpp:250:20:250:27 | Load indirection |
 | test.cpp:259:20:259:25 | call to getenv | test.cpp:263:11:263:29 | ... * ... |
-| test.cpp:289:17:289:20 | size [post update] | test.cpp:291:11:291:28 | ... * ... |
-| test.cpp:305:18:305:21 | size [post update] | test.cpp:308:10:308:27 | ... * ... |
+| test.cpp:289:17:289:20 | get_size output argument | test.cpp:291:11:291:28 | ... * ... |
+| test.cpp:305:18:305:21 | get_size output argument | test.cpp:308:10:308:27 | ... * ... |
+| test.cpp:331:15:331:20 | Call | test.cpp:334:9:334:14 | offset |
 nodes
 | test.cpp:40:21:40:24 | argv | semmle.label | argv |
 | test.cpp:43:38:43:44 | tainted | semmle.label | tainted |
@@ -34,13 +39,21 @@ nodes
 | test.cpp:50:26:50:29 | size | semmle.label | size |
 | test.cpp:53:35:53:60 | ... * ... | semmle.label | ... * ... |
 | test.cpp:124:18:124:23 | call to getenv | semmle.label | call to getenv |
+| test.cpp:125:29:125:32 | size | semmle.label | size |
+| test.cpp:127:24:127:49 | ... * ... | semmle.label | ... * ... |
 | test.cpp:128:24:128:41 | ... * ... | semmle.label | ... * ... |
 | test.cpp:133:19:133:24 | call to getenv | semmle.label | call to getenv |
 | test.cpp:135:10:135:27 | ... * ... | semmle.label | ... * ... |
 | test.cpp:148:20:148:25 | call to getenv | semmle.label | call to getenv |
 | test.cpp:152:11:152:28 | ... * ... | semmle.label | ... * ... |
-| test.cpp:209:8:209:23 | ReturnValue | semmle.label | ReturnValue |
+| test.cpp:157:19:157:24 | call to getenv | semmle.label | call to getenv |
+| test.cpp:161:11:161:28 | ... * ... | semmle.label | ... * ... |
+| test.cpp:184:19:184:24 | call to getenv | semmle.label | call to getenv |
+| test.cpp:186:10:186:27 | ... * ... | semmle.label | ... * ... |
+| test.cpp:209:8:209:23 | VariableAddress indirection | semmle.label | VariableAddress indirection |
 | test.cpp:211:14:211:19 | call to getenv | semmle.label | call to getenv |
+| test.cpp:214:8:214:23 | VariableAddress indirection | semmle.label | VariableAddress indirection |
+| test.cpp:216:18:216:23 | call to getenv | semmle.label | call to getenv |
 | test.cpp:224:23:224:23 | s | semmle.label | s |
 | test.cpp:225:21:225:21 | s | semmle.label | s |
 | test.cpp:230:21:230:21 | s | semmle.label | s |
@@ -48,16 +61,19 @@ nodes
 | test.cpp:237:24:237:29 | call to getenv | semmle.label | call to getenv |
 | test.cpp:239:9:239:18 | local_size | semmle.label | local_size |
 | test.cpp:241:9:241:24 | call to get_tainted_size | semmle.label | call to get_tainted_size |
+| test.cpp:242:9:242:24 | call to get_bounded_size | semmle.label | call to get_bounded_size |
 | test.cpp:245:11:245:20 | local_size | semmle.label | local_size |
 | test.cpp:247:10:247:19 | local_size | semmle.label | local_size |
-| test.cpp:251:2:251:9 | (reference dereference) [post update] | semmle.label | (reference dereference) [post update] |
+| test.cpp:250:20:250:27 | Load indirection | semmle.label | Load indirection |
 | test.cpp:251:18:251:23 | call to getenv | semmle.label | call to getenv |
 | test.cpp:259:20:259:25 | call to getenv | semmle.label | call to getenv |
 | test.cpp:263:11:263:29 | ... * ... | semmle.label | ... * ... |
-| test.cpp:289:17:289:20 | size [post update] | semmle.label | size [post update] |
+| test.cpp:289:17:289:20 | get_size output argument | semmle.label | get_size output argument |
 | test.cpp:291:11:291:28 | ... * ... | semmle.label | ... * ... |
-| test.cpp:305:18:305:21 | size [post update] | semmle.label | size [post update] |
+| test.cpp:305:18:305:21 | get_size output argument | semmle.label | get_size output argument |
 | test.cpp:308:10:308:27 | ... * ... | semmle.label | ... * ... |
+| test.cpp:331:15:331:20 | Call | semmle.label | Call |
+| test.cpp:334:9:334:14 | offset | semmle.label | offset |
 subpaths
 #select
 | test.cpp:43:31:43:36 | call to malloc | test.cpp:40:21:40:24 | argv | test.cpp:43:38:43:44 | tainted | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) |
@@ -66,13 +82,18 @@ subpaths
 | test.cpp:49:25:49:30 | call to malloc | test.cpp:40:21:40:24 | argv | test.cpp:49:32:49:35 | size | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) |
 | test.cpp:50:17:50:30 | new[] | test.cpp:40:21:40:24 | argv | test.cpp:50:26:50:29 | size | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) |
 | test.cpp:53:21:53:27 | call to realloc | test.cpp:40:21:40:24 | argv | test.cpp:53:35:53:60 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) |
+| test.cpp:127:17:127:22 | call to malloc | test.cpp:124:18:124:23 | call to getenv | test.cpp:127:24:127:49 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:124:18:124:23 | call to getenv | user input (an environment variable) |
 | test.cpp:128:17:128:22 | call to malloc | test.cpp:124:18:124:23 | call to getenv | test.cpp:128:24:128:41 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:124:18:124:23 | call to getenv | user input (an environment variable) |
 | test.cpp:135:3:135:8 | call to malloc | test.cpp:133:19:133:24 | call to getenv | test.cpp:135:10:135:27 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:133:19:133:24 | call to getenv | user input (an environment variable) |
 | test.cpp:152:4:152:9 | call to malloc | test.cpp:148:20:148:25 | call to getenv | test.cpp:152:11:152:28 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:148:20:148:25 | call to getenv | user input (an environment variable) |
+| test.cpp:161:4:161:9 | call to malloc | test.cpp:157:19:157:24 | call to getenv | test.cpp:161:11:161:28 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:157:19:157:24 | call to getenv | user input (an environment variable) |
+| test.cpp:186:3:186:8 | call to malloc | test.cpp:184:19:184:24 | call to getenv | test.cpp:186:10:186:27 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:184:19:184:24 | call to getenv | user input (an environment variable) |
 | test.cpp:225:14:225:19 | call to malloc | test.cpp:237:24:237:29 | call to getenv | test.cpp:225:21:225:21 | s | This allocation size is derived from $@ and might overflow. | test.cpp:237:24:237:29 | call to getenv | user input (an environment variable) |
 | test.cpp:231:14:231:19 | call to malloc | test.cpp:237:24:237:29 | call to getenv | test.cpp:231:21:231:21 | s | This allocation size is derived from $@ and might overflow. | test.cpp:237:24:237:29 | call to getenv | user input (an environment variable) |
 | test.cpp:239:2:239:7 | call to malloc | test.cpp:237:24:237:29 | call to getenv | test.cpp:239:9:239:18 | local_size | This allocation size is derived from $@ and might overflow. | test.cpp:237:24:237:29 | call to getenv | user input (an environment variable) |
 | test.cpp:241:2:241:7 | call to malloc | test.cpp:211:14:211:19 | call to getenv | test.cpp:241:9:241:24 | call to get_tainted_size | This allocation size is derived from $@ and might overflow. | test.cpp:211:14:211:19 | call to getenv | user input (an environment variable) |
+| test.cpp:242:2:242:7 | call to malloc | test.cpp:216:18:216:23 | call to getenv | test.cpp:242:9:242:24 | call to get_bounded_size | This allocation size is derived from $@ and might overflow. | test.cpp:216:18:216:23 | call to getenv | user input (an environment variable) |
 | test.cpp:263:4:263:9 | call to malloc | test.cpp:259:20:259:25 | call to getenv | test.cpp:263:11:263:29 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:259:20:259:25 | call to getenv | user input (an environment variable) |
 | test.cpp:291:4:291:9 | call to malloc | test.cpp:251:18:251:23 | call to getenv | test.cpp:291:11:291:28 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:251:18:251:23 | call to getenv | user input (an environment variable) |
 | test.cpp:308:3:308:8 | call to malloc | test.cpp:251:18:251:23 | call to getenv | test.cpp:308:10:308:27 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:251:18:251:23 | call to getenv | user input (an environment variable) |
+| test.cpp:334:2:334:7 | call to malloc | test.cpp:331:15:331:20 | Call | test.cpp:334:9:334:14 | offset | This allocation size is derived from $@ and might overflow. | test.cpp:331:15:331:20 | Call | user input (an environment variable) |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/ArithmeticTainted.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/ArithmeticTainted.expected
@@ -2,19 +2,24 @@ edges
 | test2.cpp:12:21:12:21 | v | test2.cpp:14:11:14:11 | v |
 | test2.cpp:12:21:12:21 | v | test2.cpp:14:11:14:11 | v |
 | test2.cpp:25:22:25:23 | & ... | test2.cpp:27:13:27:13 | v |
+| test2.cpp:25:22:25:23 | & ... | test2.cpp:27:13:27:13 | v |
 | test2.cpp:25:22:25:23 | fscanf output argument | test2.cpp:27:13:27:13 | v |
 | test2.cpp:27:13:27:13 | v | test2.cpp:12:21:12:21 | v |
-| test5.cpp:5:5:5:17 | ReturnValue | test5.cpp:17:6:17:18 | call to getTaintedInt |
-| test5.cpp:5:5:5:17 | ReturnValue | test5.cpp:17:6:17:18 | call to getTaintedInt |
-| test5.cpp:5:5:5:17 | ReturnValue | test5.cpp:18:6:18:18 | call to getTaintedInt |
-| test5.cpp:9:7:9:9 | buf | test5.cpp:5:5:5:17 | ReturnValue |
-| test5.cpp:9:7:9:9 | gets output argument | test5.cpp:5:5:5:17 | ReturnValue |
-| test5.cpp:18:6:18:18 | call to getTaintedInt | test5.cpp:19:6:19:6 | y |
-| test5.cpp:18:6:18:18 | call to getTaintedInt | test5.cpp:19:6:19:6 | y |
+| test5.cpp:5:5:5:17 | VariableAddress indirection | test5.cpp:17:6:17:18 | call to getTaintedInt |
+| test5.cpp:5:5:5:17 | VariableAddress indirection | test5.cpp:17:6:17:18 | call to getTaintedInt |
+| test5.cpp:5:5:5:17 | VariableAddress indirection | test5.cpp:19:6:19:6 | y |
+| test5.cpp:5:5:5:17 | VariableAddress indirection | test5.cpp:19:6:19:6 | y |
+| test5.cpp:9:7:9:9 | buf | test5.cpp:5:5:5:17 | VariableAddress indirection |
+| test5.cpp:9:7:9:9 | buf | test5.cpp:5:5:5:17 | VariableAddress indirection |
+| test5.cpp:9:7:9:9 | gets output argument | test5.cpp:5:5:5:17 | VariableAddress indirection |
 | test.c:11:29:11:32 | argv | test.c:14:15:14:28 | maxConnections |
 | test.c:11:29:11:32 | argv | test.c:14:15:14:28 | maxConnections |
 | test.c:11:29:11:32 | argv | test.c:14:15:14:28 | maxConnections |
 | test.c:11:29:11:32 | argv | test.c:14:15:14:28 | maxConnections |
+| test.c:17:30:17:33 | argv | test.c:19:17:19:31 | maxConnections2 |
+| test.c:17:30:17:33 | argv | test.c:19:17:19:31 | maxConnections2 |
+| test.c:17:30:17:33 | argv | test.c:19:17:19:31 | maxConnections2 |
+| test.c:17:30:17:33 | argv | test.c:19:17:19:31 | maxConnections2 |
 | test.c:41:17:41:20 | argv | test.c:44:7:44:10 | len2 |
 | test.c:41:17:41:20 | argv | test.c:44:7:44:10 | len2 |
 | test.c:41:17:41:20 | argv | test.c:44:7:44:10 | len2 |
@@ -30,9 +35,11 @@ nodes
 | test2.cpp:14:11:14:11 | v | semmle.label | v |
 | test2.cpp:14:11:14:11 | v | semmle.label | v |
 | test2.cpp:25:22:25:23 | & ... | semmle.label | & ... |
+| test2.cpp:25:22:25:23 | & ... | semmle.label | & ... |
 | test2.cpp:25:22:25:23 | fscanf output argument | semmle.label | fscanf output argument |
 | test2.cpp:27:13:27:13 | v | semmle.label | v |
-| test5.cpp:5:5:5:17 | ReturnValue | semmle.label | ReturnValue |
+| test5.cpp:5:5:5:17 | VariableAddress indirection | semmle.label | VariableAddress indirection |
+| test5.cpp:9:7:9:9 | buf | semmle.label | buf |
 | test5.cpp:9:7:9:9 | buf | semmle.label | buf |
 | test5.cpp:9:7:9:9 | gets output argument | semmle.label | gets output argument |
 | test5.cpp:17:6:17:18 | call to getTaintedInt | semmle.label | call to getTaintedInt |
@@ -47,6 +54,11 @@ nodes
 | test.c:14:15:14:28 | maxConnections | semmle.label | maxConnections |
 | test.c:14:15:14:28 | maxConnections | semmle.label | maxConnections |
 | test.c:14:15:14:28 | maxConnections | semmle.label | maxConnections |
+| test.c:17:30:17:33 | argv | semmle.label | argv |
+| test.c:17:30:17:33 | argv | semmle.label | argv |
+| test.c:19:17:19:31 | maxConnections2 | semmle.label | maxConnections2 |
+| test.c:19:17:19:31 | maxConnections2 | semmle.label | maxConnections2 |
+| test.c:19:17:19:31 | maxConnections2 | semmle.label | maxConnections2 |
 | test.c:41:17:41:20 | argv | semmle.label | argv |
 | test.c:41:17:41:20 | argv | semmle.label | argv |
 | test.c:44:7:44:10 | len2 | semmle.label | len2 |
@@ -65,5 +77,6 @@ nodes
 | test5.cpp:19:6:19:6 | y | test5.cpp:9:7:9:9 | buf | test5.cpp:19:6:19:6 | y | $@ flows to an operand of an arithmetic expression, potentially causing an underflow. | test5.cpp:9:7:9:9 | buf | User-provided value |
 | test.c:14:15:14:28 | maxConnections | test.c:11:29:11:32 | argv | test.c:14:15:14:28 | maxConnections | $@ flows to an operand of an arithmetic expression, potentially causing an overflow. | test.c:11:29:11:32 | argv | User-provided value |
 | test.c:14:15:14:28 | maxConnections | test.c:11:29:11:32 | argv | test.c:14:15:14:28 | maxConnections | $@ flows to an operand of an arithmetic expression, potentially causing an underflow. | test.c:11:29:11:32 | argv | User-provided value |
+| test.c:19:17:19:31 | maxConnections2 | test.c:17:30:17:33 | argv | test.c:19:17:19:31 | maxConnections2 | $@ flows to an operand of an arithmetic expression, potentially causing an underflow. | test.c:17:30:17:33 | argv | User-provided value |
 | test.c:44:7:44:10 | len2 | test.c:41:17:41:20 | argv | test.c:44:7:44:10 | len2 | $@ flows to an operand of an arithmetic expression, potentially causing an underflow. | test.c:41:17:41:20 | argv | User-provided value |
 | test.c:54:7:54:10 | len3 | test.c:51:17:51:20 | argv | test.c:54:7:54:10 | len3 | $@ flows to an operand of an arithmetic expression, potentially causing an underflow. | test.c:51:17:51:20 | argv | User-provided value |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/IntegerOverflowTainted.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/tainted/IntegerOverflowTainted.expected
@@ -12,5 +12,6 @@
 | test6.cpp:16:15:16:15 | s | $@ flows an expression which might overflow. | test6.cpp:39:23:39:24 | & ... | User-provided value |
 | test6.cpp:30:16:30:16 | s | $@ flows an expression which might overflow. | test6.cpp:39:23:39:24 | & ... | User-provided value |
 | test.c:14:15:14:35 | ... * ... | $@ flows an expression which might overflow. | test.c:11:29:11:32 | argv | User-provided value |
+| test.c:19:17:19:38 | ... * ... | $@ flows an expression which might overflow negatively. | test.c:17:30:17:33 | argv | User-provided value |
 | test.c:44:7:44:12 | ... -- | $@ flows an expression which might overflow negatively. | test.c:41:17:41:20 | argv | User-provided value |
 | test.c:54:7:54:12 | ... -- | $@ flows an expression which might overflow negatively. | test.c:51:17:51:20 | argv | User-provided value |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-242/semmle/tests/VeryLikelyOverrunWrite.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-242/semmle/tests/VeryLikelyOverrunWrite.expected
@@ -1,5 +1,4 @@
 | tests.cpp:272:2:272:8 | call to sprintf | This 'call to sprintf' operation requires 9 bytes but the destination is only 8 bytes. |
-| tests.cpp:273:2:273:8 | call to sprintf | This 'call to sprintf' operation requires 9 bytes but the destination is only 8 bytes. |
 | tests.cpp:308:3:308:9 | call to sprintf | This 'call to sprintf' operation requires 9 bytes but the destination is only 8 bytes. |
 | tests.cpp:321:2:321:8 | call to sprintf | This 'call to sprintf' operation requires 11 bytes but the destination is only 4 bytes. |
 | tests.cpp:324:3:324:9 | call to sprintf | This 'call to sprintf' operation requires 11 bytes but the destination is only 4 bytes. |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-290/semmle/AuthenticationBypass/AuthenticationBypass.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-290/semmle/AuthenticationBypass/AuthenticationBypass.expected
@@ -1,22 +1,16 @@
 edges
 | test.cpp:16:25:16:30 | call to getenv | test.cpp:20:14:20:20 | address |
 | test.cpp:16:25:16:30 | call to getenv | test.cpp:20:14:20:20 | address |
-| test.cpp:16:25:16:30 | call to getenv | test.cpp:20:14:20:20 | address indirection |
 | test.cpp:16:25:16:42 | (const char *)... | test.cpp:20:14:20:20 | address |
 | test.cpp:16:25:16:42 | (const char *)... | test.cpp:20:14:20:20 | address |
-| test.cpp:16:25:16:42 | (const char *)... | test.cpp:20:14:20:20 | address indirection |
 | test.cpp:27:25:27:30 | call to getenv | test.cpp:31:14:31:20 | address |
 | test.cpp:27:25:27:30 | call to getenv | test.cpp:31:14:31:20 | address |
-| test.cpp:27:25:27:30 | call to getenv | test.cpp:31:14:31:20 | address indirection |
 | test.cpp:27:25:27:42 | (const char *)... | test.cpp:31:14:31:20 | address |
 | test.cpp:27:25:27:42 | (const char *)... | test.cpp:31:14:31:20 | address |
-| test.cpp:27:25:27:42 | (const char *)... | test.cpp:31:14:31:20 | address indirection |
 | test.cpp:38:25:38:30 | call to getenv | test.cpp:42:14:42:20 | address |
 | test.cpp:38:25:38:30 | call to getenv | test.cpp:42:14:42:20 | address |
-| test.cpp:38:25:38:30 | call to getenv | test.cpp:42:14:42:20 | address indirection |
 | test.cpp:38:25:38:42 | (const char *)... | test.cpp:42:14:42:20 | address |
 | test.cpp:38:25:38:42 | (const char *)... | test.cpp:42:14:42:20 | address |
-| test.cpp:38:25:38:42 | (const char *)... | test.cpp:42:14:42:20 | address indirection |
 subpaths
 nodes
 | test.cpp:16:25:16:30 | call to getenv | semmle.label | call to getenv |
@@ -24,22 +18,16 @@ nodes
 | test.cpp:20:14:20:20 | address | semmle.label | address |
 | test.cpp:20:14:20:20 | address | semmle.label | address |
 | test.cpp:20:14:20:20 | address | semmle.label | address |
-| test.cpp:20:14:20:20 | address indirection | semmle.label | address indirection |
-| test.cpp:20:14:20:20 | address indirection | semmle.label | address indirection |
 | test.cpp:27:25:27:30 | call to getenv | semmle.label | call to getenv |
 | test.cpp:27:25:27:42 | (const char *)... | semmle.label | (const char *)... |
 | test.cpp:31:14:31:20 | address | semmle.label | address |
 | test.cpp:31:14:31:20 | address | semmle.label | address |
 | test.cpp:31:14:31:20 | address | semmle.label | address |
-| test.cpp:31:14:31:20 | address indirection | semmle.label | address indirection |
-| test.cpp:31:14:31:20 | address indirection | semmle.label | address indirection |
 | test.cpp:38:25:38:30 | call to getenv | semmle.label | call to getenv |
 | test.cpp:38:25:38:42 | (const char *)... | semmle.label | (const char *)... |
 | test.cpp:42:14:42:20 | address | semmle.label | address |
 | test.cpp:42:14:42:20 | address | semmle.label | address |
 | test.cpp:42:14:42:20 | address | semmle.label | address |
-| test.cpp:42:14:42:20 | address indirection | semmle.label | address indirection |
-| test.cpp:42:14:42:20 | address indirection | semmle.label | address indirection |
 #select
 | test.cpp:20:7:20:12 | call to strcmp | test.cpp:16:25:16:30 | call to getenv | test.cpp:20:14:20:20 | address | Untrusted input $@ might be vulnerable to a spoofing attack. | test.cpp:16:25:16:30 | call to getenv | call to getenv |
 | test.cpp:31:7:31:12 | call to strcmp | test.cpp:27:25:27:30 | call to getenv | test.cpp:31:14:31:20 | address | Untrusted input $@ might be vulnerable to a spoofing attack. | test.cpp:27:25:27:30 | call to getenv | call to getenv |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextFileWrite.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextFileWrite.expected
@@ -1,8 +1,22 @@
 edges
 | test2.cpp:62:18:62:25 | password | test2.cpp:65:31:65:34 | cpy1 |
+| test2.cpp:72:15:72:24 | password | test2.cpp:73:30:73:32 | buf |
+| test2.cpp:72:15:72:24 | password | test2.cpp:76:30:76:32 | buf |
 | test2.cpp:72:17:72:24 | password | test2.cpp:73:30:73:32 | buf |
 | test2.cpp:72:17:72:24 | password | test2.cpp:76:30:76:32 | buf |
 | test2.cpp:98:45:98:52 | password | test2.cpp:99:27:99:32 | buffer |
+| test.cpp:45:9:45:19 | thePassword | test.cpp:45:9:45:19 | thePassword |
+| test.cpp:70:38:70:48 | thePassword | test.cpp:70:38:70:48 | thePassword |
+| test.cpp:70:38:70:48 | thePassword | test.cpp:70:38:70:48 | thePassword |
+| test.cpp:70:38:70:48 | thePassword | test.cpp:73:43:73:53 | thePassword |
+| test.cpp:70:38:70:48 | thePassword | test.cpp:73:43:73:53 | thePassword |
+| test.cpp:70:38:70:48 | thePassword | test.cpp:73:43:73:53 | thePassword |
+| test.cpp:70:38:70:48 | thePassword | test.cpp:73:43:73:53 | thePassword |
+| test.cpp:70:38:70:48 | thePassword | test.cpp:73:43:73:53 | thePassword |
+| test.cpp:70:38:70:48 | thePassword | test.cpp:73:43:73:53 | thePassword |
+| test.cpp:73:43:73:53 | thePassword | test.cpp:73:43:73:53 | thePassword |
+| test.cpp:73:63:73:73 | thePassword | test.cpp:73:43:73:53 | thePassword |
+| test.cpp:73:63:73:73 | thePassword | test.cpp:73:43:73:53 | thePassword |
 nodes
 | test2.cpp:43:36:43:43 | password | semmle.label | password |
 | test2.cpp:44:37:44:45 | thepasswd | semmle.label | thepasswd |
@@ -13,6 +27,7 @@ nodes
 | test2.cpp:57:39:57:49 | call to getPassword | semmle.label | call to getPassword |
 | test2.cpp:62:18:62:25 | password | semmle.label | password |
 | test2.cpp:65:31:65:34 | cpy1 | semmle.label | cpy1 |
+| test2.cpp:72:15:72:24 | password | semmle.label | password |
 | test2.cpp:72:17:72:24 | password | semmle.label | password |
 | test2.cpp:73:30:73:32 | buf | semmle.label | buf |
 | test2.cpp:76:30:76:32 | buf | semmle.label | buf |
@@ -21,8 +36,17 @@ nodes
 | test2.cpp:98:45:98:52 | password | semmle.label | password |
 | test2.cpp:99:27:99:32 | buffer | semmle.label | buffer |
 | test.cpp:45:9:45:19 | thePassword | semmle.label | thePassword |
+| test.cpp:45:9:45:19 | thePassword | semmle.label | thePassword |
+| test.cpp:45:9:45:19 | thePassword | semmle.label | thePassword |
+| test.cpp:70:38:70:48 | thePassword | semmle.label | thePassword |
+| test.cpp:70:38:70:48 | thePassword | semmle.label | thePassword |
+| test.cpp:70:38:70:48 | thePassword | semmle.label | thePassword |
 | test.cpp:70:38:70:48 | thePassword | semmle.label | thePassword |
 | test.cpp:73:43:73:53 | thePassword | semmle.label | thePassword |
+| test.cpp:73:43:73:53 | thePassword | semmle.label | thePassword |
+| test.cpp:73:43:73:53 | thePassword | semmle.label | thePassword |
+| test.cpp:73:63:73:73 | thePassword | semmle.label | thePassword |
+| test.cpp:73:63:73:73 | thePassword | semmle.label | thePassword |
 subpaths
 #select
 | test2.cpp:43:2:43:8 | call to fprintf | test2.cpp:43:36:43:43 | password | test2.cpp:43:36:43:43 | password | This write into file 'log' may contain unencrypted data from $@. | test2.cpp:43:36:43:43 | password | this source. |
@@ -33,9 +57,23 @@ subpaths
 | test2.cpp:55:2:55:8 | call to fprintf | test2.cpp:55:40:55:51 | widepassword | test2.cpp:55:40:55:51 | widepassword | This write into file 'log' may contain unencrypted data from $@. | test2.cpp:55:40:55:51 | widepassword | this source. |
 | test2.cpp:57:2:57:8 | call to fprintf | test2.cpp:57:39:57:49 | call to getPassword | test2.cpp:57:39:57:49 | call to getPassword | This write into file 'log' may contain unencrypted data from $@. | test2.cpp:57:39:57:49 | call to getPassword | this source. |
 | test2.cpp:65:3:65:9 | call to fprintf | test2.cpp:62:18:62:25 | password | test2.cpp:65:31:65:34 | cpy1 | This write into file 'log' may contain unencrypted data from $@. | test2.cpp:62:18:62:25 | password | this source. |
+| test2.cpp:73:3:73:9 | call to fprintf | test2.cpp:72:15:72:24 | password | test2.cpp:73:30:73:32 | buf | This write into file 'log' may contain unencrypted data from $@. | test2.cpp:72:17:72:24 | password | this source. |
 | test2.cpp:73:3:73:9 | call to fprintf | test2.cpp:72:17:72:24 | password | test2.cpp:73:30:73:32 | buf | This write into file 'log' may contain unencrypted data from $@. | test2.cpp:72:17:72:24 | password | this source. |
+| test2.cpp:76:3:76:9 | call to fprintf | test2.cpp:72:15:72:24 | password | test2.cpp:76:30:76:32 | buf | This write into file 'log' may contain unencrypted data from $@. | test2.cpp:72:17:72:24 | password | this source. |
 | test2.cpp:76:3:76:9 | call to fprintf | test2.cpp:72:17:72:24 | password | test2.cpp:76:30:76:32 | buf | This write into file 'log' may contain unencrypted data from $@. | test2.cpp:72:17:72:24 | password | this source. |
 | test2.cpp:99:3:99:9 | call to fprintf | test2.cpp:98:45:98:52 | password | test2.cpp:99:27:99:32 | buffer | This write into file 'log' may contain unencrypted data from $@. | test2.cpp:98:45:98:52 | password | this source. |
 | test.cpp:45:3:45:7 | call to fputs | test.cpp:45:9:45:19 | thePassword | test.cpp:45:9:45:19 | thePassword | This write into file 'file' may contain unencrypted data from $@. | test.cpp:45:9:45:19 | thePassword | this source. |
+| test.cpp:45:3:45:7 | call to fputs | test.cpp:45:9:45:19 | thePassword | test.cpp:45:9:45:19 | thePassword | This write into file 'file' may contain unencrypted data from $@. | test.cpp:45:9:45:19 | thePassword | this source. |
+| test.cpp:45:3:45:7 | call to fputs | test.cpp:45:9:45:19 | thePassword | test.cpp:45:9:45:19 | thePassword | This write into file 'file' may contain unencrypted data from $@. | test.cpp:45:9:45:19 | thePassword | this source. |
 | test.cpp:70:35:70:35 | call to operator<< | test.cpp:70:38:70:48 | thePassword | test.cpp:70:38:70:48 | thePassword | This write into file 'mystream' may contain unencrypted data from $@. | test.cpp:70:38:70:48 | thePassword | this source. |
+| test.cpp:70:35:70:35 | call to operator<< | test.cpp:70:38:70:48 | thePassword | test.cpp:70:38:70:48 | thePassword | This write into file 'mystream' may contain unencrypted data from $@. | test.cpp:70:38:70:48 | thePassword | this source. |
+| test.cpp:70:35:70:35 | call to operator<< | test.cpp:70:38:70:48 | thePassword | test.cpp:70:38:70:48 | thePassword | This write into file 'mystream' may contain unencrypted data from $@. | test.cpp:70:38:70:48 | thePassword | this source. |
+| test.cpp:73:37:73:41 | call to write | test.cpp:70:38:70:48 | thePassword | test.cpp:73:43:73:53 | thePassword | This write into file 'mystream' may contain unencrypted data from $@. | test.cpp:70:38:70:48 | thePassword | this source. |
+| test.cpp:73:37:73:41 | call to write | test.cpp:70:38:70:48 | thePassword | test.cpp:73:43:73:53 | thePassword | This write into file 'mystream' may contain unencrypted data from $@. | test.cpp:70:38:70:48 | thePassword | this source. |
+| test.cpp:73:37:73:41 | call to write | test.cpp:70:38:70:48 | thePassword | test.cpp:73:43:73:53 | thePassword | This write into file 'mystream' may contain unencrypted data from $@. | test.cpp:70:38:70:48 | thePassword | this source. |
+| test.cpp:73:37:73:41 | call to write | test.cpp:70:38:70:48 | thePassword | test.cpp:73:43:73:53 | thePassword | This write into file 'mystream' may contain unencrypted data from $@. | test.cpp:70:38:70:48 | thePassword | this source. |
 | test.cpp:73:37:73:41 | call to write | test.cpp:73:43:73:53 | thePassword | test.cpp:73:43:73:53 | thePassword | This write into file 'mystream' may contain unencrypted data from $@. | test.cpp:73:43:73:53 | thePassword | this source. |
+| test.cpp:73:37:73:41 | call to write | test.cpp:73:43:73:53 | thePassword | test.cpp:73:43:73:53 | thePassword | This write into file 'mystream' may contain unencrypted data from $@. | test.cpp:73:43:73:53 | thePassword | this source. |
+| test.cpp:73:37:73:41 | call to write | test.cpp:73:43:73:53 | thePassword | test.cpp:73:43:73:53 | thePassword | This write into file 'mystream' may contain unencrypted data from $@. | test.cpp:73:43:73:53 | thePassword | this source. |
+| test.cpp:73:37:73:41 | call to write | test.cpp:73:63:73:73 | thePassword | test.cpp:73:43:73:53 | thePassword | This write into file 'mystream' may contain unencrypted data from $@. | test.cpp:73:63:73:73 | thePassword | this source. |
+| test.cpp:73:37:73:41 | call to write | test.cpp:73:63:73:73 | thePassword | test.cpp:73:43:73:53 | thePassword | This write into file 'mystream' may contain unencrypted data from $@. | test.cpp:73:63:73:73 | thePassword | this source. |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextTransmission.expected
@@ -1,63 +1,83 @@
 edges
 | test2.cpp:63:24:63:31 | password | test2.cpp:63:16:63:20 | call to crypt |
 | test3.cpp:17:28:17:36 | password1 | test3.cpp:22:15:22:23 | password1 |
+| test3.cpp:17:28:17:36 | password1 | test3.cpp:22:15:22:23 | password1 |
 | test3.cpp:17:51:17:59 | password2 | test3.cpp:26:15:26:23 | password2 |
-| test3.cpp:45:8:45:15 | password | test3.cpp:47:15:47:22 | password |
-| test3.cpp:53:8:53:15 | password | test3.cpp:55:15:55:22 | password |
+| test3.cpp:17:51:17:59 | password2 | test3.cpp:26:15:26:23 | password2 |
+| test3.cpp:45:8:45:15 | Uninitialized | test3.cpp:47:15:47:22 | array to pointer conversion |
+| test3.cpp:45:8:45:15 | Uninitialized | test3.cpp:47:15:47:22 | password |
+| test3.cpp:53:8:53:15 | Uninitialized | test3.cpp:55:15:55:22 | array to pointer conversion |
+| test3.cpp:53:8:53:15 | Uninitialized | test3.cpp:55:15:55:22 | password |
 | test3.cpp:71:32:71:40 | password1 | test3.cpp:76:15:76:17 | ptr |
-| test3.cpp:80:8:80:15 | password | test3.cpp:83:15:83:17 | ptr |
-| test3.cpp:98:8:98:15 | password | test3.cpp:101:12:101:19 | password |
+| test3.cpp:71:32:71:40 | password1 | test3.cpp:76:15:76:17 | ptr |
+| test3.cpp:80:8:80:15 | Uninitialized | test3.cpp:83:15:83:17 | ptr |
+| test3.cpp:80:8:80:15 | Uninitialized | test3.cpp:83:15:83:17 | ptr |
+| test3.cpp:98:8:98:15 | Uninitialized | test3.cpp:101:12:101:19 | array to pointer conversion |
+| test3.cpp:98:8:98:15 | Uninitialized | test3.cpp:101:12:101:19 | password |
 | test3.cpp:112:20:112:25 | buffer | test3.cpp:114:14:114:19 | buffer |
-| test3.cpp:117:28:117:33 | buffer | test3.cpp:119:9:119:14 | buffer |
-| test3.cpp:126:9:126:23 | global_password | test3.cpp:144:16:144:29 | call to get_global_str |
+| test3.cpp:112:20:112:25 | buffer | test3.cpp:114:14:114:19 | buffer |
+| test3.cpp:112:20:112:25 | buffer indirection | test3.cpp:114:14:114:19 | buffer |
+| test3.cpp:112:20:112:25 | buffer indirection | test3.cpp:114:14:114:19 | buffer |
+| test3.cpp:124:7:124:20 | VariableAddress indirection | test3.cpp:146:15:146:18 | data |
+| test3.cpp:124:7:124:20 | VariableAddress indirection | test3.cpp:146:15:146:18 | data |
+| test3.cpp:126:9:126:23 | global_password | test3.cpp:124:7:124:20 | VariableAddress indirection |
 | test3.cpp:129:39:129:47 | password1 | test3.cpp:138:24:138:32 | password1 |
-| test3.cpp:132:8:132:15 | password | test3.cpp:134:11:134:18 | password |
+| test3.cpp:132:8:132:15 | Uninitialized | test3.cpp:134:11:134:18 | password |
+| test3.cpp:132:8:132:15 | Uninitialized | test3.cpp:134:11:134:18 | password indirection |
 | test3.cpp:134:11:134:18 | password | test3.cpp:112:20:112:25 | buffer |
-| test3.cpp:138:21:138:22 | call to id | test3.cpp:140:15:140:17 | ptr |
-| test3.cpp:138:24:138:32 | password1 | test3.cpp:117:28:117:33 | buffer |
-| test3.cpp:138:24:138:32 | password1 | test3.cpp:138:21:138:22 | call to id |
-| test3.cpp:144:16:144:29 | call to get_global_str | test3.cpp:146:15:146:18 | data |
-| test3.cpp:152:29:152:36 | password | test3.cpp:159:15:159:20 | buffer |
-| test3.cpp:171:8:171:15 | password | test3.cpp:173:15:173:22 | password |
-| test3.cpp:171:8:171:15 | password | test3.cpp:175:3:175:17 | call to decrypt_inplace |
-| test3.cpp:171:8:171:15 | password | test3.cpp:175:19:175:26 | password |
-| test3.cpp:179:8:179:15 | password | test3.cpp:181:15:181:22 | password |
-| test3.cpp:179:8:179:15 | password | test3.cpp:184:3:184:17 | call to decrypt_inplace |
-| test3.cpp:179:8:179:15 | password | test3.cpp:184:19:184:26 | password |
-| test3.cpp:188:8:188:15 | password | test3.cpp:191:15:191:22 | password |
-| test3.cpp:188:8:188:15 | password | test3.cpp:193:18:193:28 | call to rtn_decrypt |
-| test3.cpp:188:8:188:15 | password | test3.cpp:193:30:193:37 | password |
-| test3.cpp:197:8:197:15 | password | test3.cpp:199:3:199:17 | call to encrypt_inplace |
-| test3.cpp:197:8:197:15 | password | test3.cpp:199:19:199:26 | password |
-| test3.cpp:197:8:197:15 | password | test3.cpp:201:15:201:22 | password |
-| test3.cpp:205:8:205:15 | password | test3.cpp:207:3:207:17 | call to encrypt_inplace |
-| test3.cpp:205:8:205:15 | password | test3.cpp:207:19:207:26 | password |
-| test3.cpp:205:8:205:15 | password | test3.cpp:210:15:210:22 | password |
-| test3.cpp:214:8:214:15 | password | test3.cpp:217:18:217:28 | call to rtn_encrypt |
-| test3.cpp:214:8:214:15 | password | test3.cpp:217:18:217:28 | call to rtn_encrypt |
-| test3.cpp:214:8:214:15 | password | test3.cpp:217:30:217:37 | password |
-| test3.cpp:214:8:214:15 | password | test3.cpp:219:15:219:26 | password_ptr |
-| test3.cpp:217:18:217:28 | call to rtn_encrypt | test3.cpp:219:15:219:26 | password_ptr |
+| test3.cpp:134:11:134:18 | password indirection | test3.cpp:112:20:112:25 | buffer indirection |
+| test3.cpp:138:24:138:32 | password1 | test3.cpp:140:15:140:17 | ptr |
+| test3.cpp:138:24:138:32 | password1 | test3.cpp:140:15:140:17 | ptr |
+| test3.cpp:171:8:171:15 | Uninitialized | test3.cpp:173:15:173:22 | array to pointer conversion |
+| test3.cpp:171:8:171:15 | Uninitialized | test3.cpp:173:15:173:22 | password |
+| test3.cpp:171:8:171:15 | Uninitialized | test3.cpp:175:3:175:17 | call to decrypt_inplace |
+| test3.cpp:171:8:171:15 | Uninitialized | test3.cpp:175:19:175:26 | password |
+| test3.cpp:179:8:179:15 | Uninitialized | test3.cpp:181:15:181:22 | array to pointer conversion |
+| test3.cpp:179:8:179:15 | Uninitialized | test3.cpp:181:15:181:22 | password |
+| test3.cpp:188:8:188:15 | Uninitialized | test3.cpp:191:15:191:22 | array to pointer conversion |
+| test3.cpp:188:8:188:15 | Uninitialized | test3.cpp:191:15:191:22 | password |
+| test3.cpp:188:8:188:15 | Uninitialized | test3.cpp:193:18:193:28 | call to rtn_decrypt |
+| test3.cpp:188:8:188:15 | Uninitialized | test3.cpp:193:30:193:37 | array to pointer conversion |
+| test3.cpp:188:8:188:15 | Uninitialized | test3.cpp:193:30:193:37 | password |
+| test3.cpp:197:8:197:15 | Uninitialized | test3.cpp:199:3:199:17 | call to encrypt_inplace |
+| test3.cpp:197:8:197:15 | Uninitialized | test3.cpp:199:19:199:26 | password |
+| test3.cpp:197:8:197:15 | Uninitialized | test3.cpp:201:15:201:22 | array to pointer conversion |
+| test3.cpp:197:8:197:15 | Uninitialized | test3.cpp:201:15:201:22 | password |
+| test3.cpp:205:8:205:15 | Uninitialized | test3.cpp:207:3:207:17 | call to encrypt_inplace |
+| test3.cpp:205:8:205:15 | Uninitialized | test3.cpp:207:19:207:26 | password |
+| test3.cpp:214:8:214:15 | Uninitialized | test3.cpp:217:18:217:28 | call to rtn_encrypt |
+| test3.cpp:214:8:214:15 | Uninitialized | test3.cpp:217:30:217:37 | array to pointer conversion |
+| test3.cpp:214:8:214:15 | Uninitialized | test3.cpp:217:30:217:37 | password |
+| test3.cpp:214:8:214:15 | Uninitialized | test3.cpp:219:15:219:26 | password_ptr |
+| test3.cpp:214:8:214:15 | Uninitialized | test3.cpp:219:15:219:26 | password_ptr |
 | test3.cpp:225:34:225:41 | password | test3.cpp:228:26:228:33 | password |
-| test3.cpp:239:7:239:14 | password | test3.cpp:241:8:241:15 | password |
-| test3.cpp:252:8:252:16 | password1 | test3.cpp:254:15:254:23 | password1 |
-| test3.cpp:252:8:252:16 | password1 | test3.cpp:256:3:256:19 | call to decrypt_to_buffer |
-| test3.cpp:252:8:252:16 | password1 | test3.cpp:256:21:256:29 | password1 |
-| test3.cpp:252:24:252:32 | password2 | test3.cpp:256:3:256:19 | call to decrypt_to_buffer |
-| test3.cpp:252:24:252:32 | password2 | test3.cpp:256:32:256:40 | password2 |
-| test3.cpp:260:8:260:16 | password1 | test3.cpp:262:3:262:19 | call to encrypt_to_buffer |
-| test3.cpp:260:8:260:16 | password1 | test3.cpp:262:21:262:29 | password1 |
-| test3.cpp:260:24:260:32 | password2 | test3.cpp:262:3:262:19 | call to encrypt_to_buffer |
-| test3.cpp:260:24:260:32 | password2 | test3.cpp:262:32:262:40 | password2 |
-| test3.cpp:260:24:260:32 | password2 | test3.cpp:264:15:264:23 | password2 |
-| test3.cpp:268:19:268:26 | password | test3.cpp:272:15:272:18 | data |
-| test3.cpp:278:20:278:23 | data | test3.cpp:278:20:278:23 | data |
+| test3.cpp:225:34:225:41 | password | test3.cpp:228:26:228:33 | password |
+| test3.cpp:239:7:239:14 | Uninitialized | test3.cpp:241:8:241:15 | password |
+| test3.cpp:252:8:252:16 | Uninitialized | test3.cpp:254:15:254:23 | array to pointer conversion |
+| test3.cpp:252:8:252:16 | Uninitialized | test3.cpp:254:15:254:23 | password1 |
+| test3.cpp:252:8:252:16 | Uninitialized | test3.cpp:256:3:256:19 | call to decrypt_to_buffer |
+| test3.cpp:252:8:252:16 | Uninitialized | test3.cpp:256:21:256:29 | array to pointer conversion |
+| test3.cpp:252:8:252:16 | Uninitialized | test3.cpp:256:21:256:29 | password1 |
+| test3.cpp:252:24:252:32 | Uninitialized | test3.cpp:256:3:256:19 | call to decrypt_to_buffer |
+| test3.cpp:252:24:252:32 | Uninitialized | test3.cpp:256:32:256:40 | password2 |
+| test3.cpp:260:8:260:16 | Uninitialized | test3.cpp:262:3:262:19 | call to encrypt_to_buffer |
+| test3.cpp:260:8:260:16 | Uninitialized | test3.cpp:262:21:262:29 | array to pointer conversion |
+| test3.cpp:260:8:260:16 | Uninitialized | test3.cpp:262:21:262:29 | password1 |
+| test3.cpp:260:24:260:32 | Uninitialized | test3.cpp:262:3:262:19 | call to encrypt_to_buffer |
+| test3.cpp:260:24:260:32 | Uninitialized | test3.cpp:262:32:262:40 | password2 |
+| test3.cpp:260:24:260:32 | Uninitialized | test3.cpp:264:15:264:23 | array to pointer conversion |
+| test3.cpp:260:24:260:32 | Uninitialized | test3.cpp:264:15:264:23 | password2 |
+| test3.cpp:268:19:268:26 | Uninitialized | test3.cpp:272:15:272:18 | array to pointer conversion |
+| test3.cpp:268:19:268:26 | Uninitialized | test3.cpp:272:15:272:18 | data |
 | test3.cpp:278:20:278:23 | data | test3.cpp:280:14:280:17 | data |
-| test3.cpp:283:20:283:23 | data | test3.cpp:283:20:283:23 | data |
+| test3.cpp:278:20:278:23 | data | test3.cpp:280:14:280:17 | data |
+| test3.cpp:283:20:283:23 | data | test3.cpp:285:14:285:17 | data |
 | test3.cpp:283:20:283:23 | data | test3.cpp:285:14:285:17 | data |
 | test3.cpp:288:20:288:23 | data | test3.cpp:290:14:290:17 | data |
-| test3.cpp:293:20:293:23 | data | test3.cpp:293:20:293:23 | data |
+| test3.cpp:288:20:288:23 | data | test3.cpp:290:14:290:17 | data |
 | test3.cpp:293:20:293:23 | data | test3.cpp:295:14:295:17 | data |
+| test3.cpp:293:20:293:23 | data | test3.cpp:295:14:295:17 | data |
+| test3.cpp:298:20:298:23 | data | test3.cpp:300:14:300:17 | data |
 | test3.cpp:298:20:298:23 | data | test3.cpp:300:14:300:17 | data |
 | test3.cpp:308:41:308:49 | password1 | test3.cpp:312:3:312:17 | call to encrypt_inplace |
 | test3.cpp:308:41:308:49 | password1 | test3.cpp:312:19:312:27 | password1 |
@@ -68,38 +88,75 @@ edges
 | test3.cpp:308:58:308:66 | password2 | test3.cpp:324:11:324:14 | data |
 | test3.cpp:308:58:308:66 | password2 | test3.cpp:325:11:325:14 | data |
 | test3.cpp:313:11:313:19 | password1 | test3.cpp:278:20:278:23 | data |
-| test3.cpp:313:11:313:19 | password1 | test3.cpp:313:11:313:19 | ref arg password1 |
-| test3.cpp:313:11:313:19 | ref arg password1 | test3.cpp:314:11:314:19 | password1 |
 | test3.cpp:314:11:314:19 | password1 | test3.cpp:283:20:283:23 | data |
 | test3.cpp:316:11:316:19 | password1 | test3.cpp:283:20:283:23 | data |
-| test3.cpp:316:11:316:19 | password1 | test3.cpp:316:11:316:19 | ref arg password1 |
-| test3.cpp:316:11:316:19 | ref arg password1 | test3.cpp:317:11:317:19 | password1 |
 | test3.cpp:317:11:317:19 | password1 | test3.cpp:288:20:288:23 | data |
 | test3.cpp:324:11:324:14 | data | test3.cpp:293:20:293:23 | data |
-| test3.cpp:324:11:324:14 | data | test3.cpp:324:11:324:14 | ref arg data |
-| test3.cpp:324:11:324:14 | ref arg data | test3.cpp:325:11:325:14 | data |
 | test3.cpp:325:11:325:14 | data | test3.cpp:298:20:298:23 | data |
-| test3.cpp:339:9:339:16 | password | test3.cpp:341:16:341:23 | password |
-| test3.cpp:350:9:350:16 | password | test3.cpp:352:16:352:23 | password |
-| test3.cpp:350:9:350:16 | password | test3.cpp:353:4:353:18 | call to decrypt_inplace |
-| test3.cpp:350:9:350:16 | password | test3.cpp:353:20:353:27 | password |
-| test3.cpp:366:8:366:15 | password | test3.cpp:368:15:368:22 | password |
-| test3.cpp:366:8:366:15 | password | test3.cpp:374:3:374:18 | call to SecureZeroBuffer |
-| test3.cpp:366:8:366:15 | password | test3.cpp:374:20:374:27 | password |
-| test3.cpp:386:8:386:15 | password | test3.cpp:388:15:388:22 | password |
-| test3.cpp:398:18:398:25 | password | test3.cpp:400:15:400:23 | & ... |
-| test3.cpp:398:18:398:25 | password | test3.cpp:400:16:400:23 | password |
-| test3.cpp:398:18:398:25 | password | test3.cpp:400:33:400:40 | password |
+| test3.cpp:339:9:339:16 | Uninitialized | test3.cpp:341:16:341:23 | array to pointer conversion |
+| test3.cpp:339:9:339:16 | Uninitialized | test3.cpp:341:16:341:23 | password |
+| test3.cpp:350:9:350:16 | Uninitialized | test3.cpp:352:16:352:23 | array to pointer conversion |
+| test3.cpp:350:9:350:16 | Uninitialized | test3.cpp:352:16:352:23 | password |
+| test3.cpp:350:9:350:16 | Uninitialized | test3.cpp:353:4:353:18 | call to decrypt_inplace |
+| test3.cpp:350:9:350:16 | Uninitialized | test3.cpp:353:20:353:27 | password |
+| test3.cpp:366:8:366:15 | Uninitialized | test3.cpp:368:15:368:22 | array to pointer conversion |
+| test3.cpp:366:8:366:15 | Uninitialized | test3.cpp:368:15:368:22 | password |
+| test3.cpp:366:8:366:15 | Uninitialized | test3.cpp:374:3:374:18 | call to SecureZeroBuffer |
+| test3.cpp:366:8:366:15 | Uninitialized | test3.cpp:374:20:374:27 | password |
+| test3.cpp:386:8:386:15 | Uninitialized | test3.cpp:388:15:388:22 | array to pointer conversion |
+| test3.cpp:386:8:386:15 | Uninitialized | test3.cpp:388:15:388:22 | password |
+| test3.cpp:398:18:398:25 | Uninitialized | test3.cpp:400:15:400:23 | & ... |
+| test3.cpp:398:18:398:25 | Uninitialized | test3.cpp:400:15:400:23 | & ... |
+| test3.cpp:414:15:414:24 | array to pointer conversion | test3.cpp:414:15:414:24 | password |
+| test3.cpp:414:17:414:24 | password | test3.cpp:414:15:414:24 | array to pointer conversion |
+| test3.cpp:414:17:414:24 | password | test3.cpp:414:15:414:24 | array to pointer conversion |
+| test3.cpp:414:17:414:24 | password | test3.cpp:414:15:414:24 | password |
+| test3.cpp:420:15:420:24 | array to pointer conversion | test3.cpp:420:15:420:24 | password |
+| test3.cpp:420:17:420:24 | password | test3.cpp:420:15:420:24 | array to pointer conversion |
+| test3.cpp:420:17:420:24 | password | test3.cpp:420:15:420:24 | array to pointer conversion |
+| test3.cpp:420:17:420:24 | password | test3.cpp:420:15:420:24 | password |
+| test3.cpp:421:19:421:28 | password | test3.cpp:421:3:421:17 | call to decrypt_inplace |
 | test3.cpp:421:21:421:28 | password | test3.cpp:421:3:421:17 | call to decrypt_inplace |
-| test3.cpp:429:7:429:14 | password | test3.cpp:431:8:431:15 | password |
+| test3.cpp:421:21:421:28 | password | test3.cpp:421:19:421:28 | password |
+| test3.cpp:421:21:421:28 | password | test3.cpp:421:19:421:28 | password |
+| test3.cpp:429:7:429:14 | Uninitialized | test3.cpp:431:8:431:15 | password |
+| test3.cpp:507:18:507:39 | social_security_number | test3.cpp:507:14:507:39 | social_security_number |
+| test3.cpp:508:18:508:33 | socialSecurityNo | test3.cpp:508:14:508:33 | socialSecurityNo |
+| test3.cpp:509:18:509:29 | homePostCode | test3.cpp:509:14:509:29 | homePostCode |
+| test3.cpp:510:18:510:28 | my_zip_code | test3.cpp:510:14:510:28 | my_zip_code |
+| test3.cpp:511:18:511:26 | telephone | test3.cpp:511:14:511:26 | telephone |
+| test3.cpp:512:18:512:36 | mobile_phone_number | test3.cpp:512:14:512:36 | mobile_phone_number |
+| test3.cpp:513:18:513:22 | email | test3.cpp:513:14:513:22 | email |
+| test3.cpp:514:18:514:38 | my_credit_card_number | test3.cpp:514:14:514:38 | my_credit_card_number |
+| test3.cpp:515:18:515:35 | my_bank_account_no | test3.cpp:515:14:515:35 | my_bank_account_no |
+| test3.cpp:516:18:516:29 | employerName | test3.cpp:516:14:516:29 | employerName |
+| test3.cpp:517:14:517:29 | array to pointer conversion | test3.cpp:517:14:517:29 | medical_info |
+| test3.cpp:517:18:517:29 | medical_info | test3.cpp:517:14:517:29 | array to pointer conversion |
+| test3.cpp:517:18:517:29 | medical_info | test3.cpp:517:14:517:29 | array to pointer conversion |
+| test3.cpp:517:18:517:29 | medical_info | test3.cpp:517:14:517:29 | medical_info |
+| test3.cpp:518:18:518:28 | license_key | test3.cpp:518:14:518:28 | license_key |
+| test3.cpp:526:44:526:54 | my_latitude | test3.cpp:527:15:527:20 | array to pointer conversion |
 | test3.cpp:526:44:526:54 | my_latitude | test3.cpp:527:15:527:20 | buffer |
+| test3.cpp:532:45:532:58 | home_longitude | test3.cpp:533:15:533:20 | array to pointer conversion |
 | test3.cpp:532:45:532:58 | home_longitude | test3.cpp:533:15:533:20 | buffer |
+| test3.cpp:551:47:551:58 | salaryString | test3.cpp:552:15:552:20 | array to pointer conversion |
 | test3.cpp:551:47:551:58 | salaryString | test3.cpp:552:15:552:20 | buffer |
+| test3.cpp:556:19:556:30 | salaryString | test3.cpp:559:15:559:20 | array to pointer conversion |
 | test3.cpp:556:19:556:30 | salaryString | test3.cpp:559:15:559:20 | buffer |
 | test3.cpp:571:8:571:21 | call to get_home_phone | test3.cpp:572:14:572:16 | str |
+| test3.cpp:571:8:571:21 | call to get_home_phone | test3.cpp:572:14:572:16 | str |
 | test3.cpp:577:8:577:23 | call to get_home_address | test3.cpp:578:14:578:16 | str |
+| test3.cpp:577:8:577:23 | call to get_home_address | test3.cpp:578:14:578:16 | str |
+| test.cpp:41:23:41:43 | (char *)... | test.cpp:48:21:48:27 | call to encrypt |
+| test.cpp:41:23:41:43 | (char *)... | test.cpp:48:29:48:39 | thePassword |
+| test.cpp:41:23:41:43 | array to pointer conversion | test.cpp:48:21:48:27 | call to encrypt |
+| test.cpp:41:23:41:43 | array to pointer conversion | test.cpp:48:29:48:39 | thePassword |
 | test.cpp:41:23:41:43 | cleartext password! | test.cpp:48:21:48:27 | call to encrypt |
 | test.cpp:41:23:41:43 | cleartext password! | test.cpp:48:29:48:39 | thePassword |
+| test.cpp:66:23:66:43 | (char *)... | test.cpp:76:21:76:27 | call to encrypt |
+| test.cpp:66:23:66:43 | (char *)... | test.cpp:76:29:76:39 | thePassword |
+| test.cpp:66:23:66:43 | array to pointer conversion | test.cpp:76:21:76:27 | call to encrypt |
+| test.cpp:66:23:66:43 | array to pointer conversion | test.cpp:76:29:76:39 | thePassword |
 | test.cpp:66:23:66:43 | cleartext password! | test.cpp:76:21:76:27 | call to encrypt |
 | test.cpp:66:23:66:43 | cleartext password! | test.cpp:76:29:76:39 | thePassword |
 nodes
@@ -109,196 +166,316 @@ nodes
 | test3.cpp:17:28:17:36 | password1 | semmle.label | password1 |
 | test3.cpp:17:51:17:59 | password2 | semmle.label | password2 |
 | test3.cpp:22:15:22:23 | password1 | semmle.label | password1 |
+| test3.cpp:22:15:22:23 | password1 | semmle.label | password1 |
 | test3.cpp:26:15:26:23 | password2 | semmle.label | password2 |
-| test3.cpp:45:8:45:15 | password | semmle.label | password |
+| test3.cpp:26:15:26:23 | password2 | semmle.label | password2 |
+| test3.cpp:45:8:45:15 | Uninitialized | semmle.label | Uninitialized |
+| test3.cpp:47:15:47:22 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test3.cpp:47:15:47:22 | password | semmle.label | password |
-| test3.cpp:53:8:53:15 | password | semmle.label | password |
+| test3.cpp:53:8:53:15 | Uninitialized | semmle.label | Uninitialized |
+| test3.cpp:55:15:55:22 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test3.cpp:55:15:55:22 | password | semmle.label | password |
 | test3.cpp:71:32:71:40 | password1 | semmle.label | password1 |
 | test3.cpp:76:15:76:17 | ptr | semmle.label | ptr |
-| test3.cpp:80:8:80:15 | password | semmle.label | password |
+| test3.cpp:76:15:76:17 | ptr | semmle.label | ptr |
+| test3.cpp:80:8:80:15 | Uninitialized | semmle.label | Uninitialized |
 | test3.cpp:83:15:83:17 | ptr | semmle.label | ptr |
-| test3.cpp:98:8:98:15 | password | semmle.label | password |
+| test3.cpp:83:15:83:17 | ptr | semmle.label | ptr |
+| test3.cpp:98:8:98:15 | Uninitialized | semmle.label | Uninitialized |
+| test3.cpp:101:12:101:19 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test3.cpp:101:12:101:19 | password | semmle.label | password |
 | test3.cpp:112:20:112:25 | buffer | semmle.label | buffer |
+| test3.cpp:112:20:112:25 | buffer indirection | semmle.label | buffer indirection |
 | test3.cpp:114:14:114:19 | buffer | semmle.label | buffer |
-| test3.cpp:117:28:117:33 | buffer | semmle.label | buffer |
-| test3.cpp:119:9:119:14 | buffer | semmle.label | buffer |
+| test3.cpp:114:14:114:19 | buffer | semmle.label | buffer |
+| test3.cpp:124:7:124:20 | VariableAddress indirection | semmle.label | VariableAddress indirection |
 | test3.cpp:126:9:126:23 | global_password | semmle.label | global_password |
 | test3.cpp:129:39:129:47 | password1 | semmle.label | password1 |
-| test3.cpp:132:8:132:15 | password | semmle.label | password |
+| test3.cpp:132:8:132:15 | Uninitialized | semmle.label | Uninitialized |
 | test3.cpp:134:11:134:18 | password | semmle.label | password |
-| test3.cpp:138:21:138:22 | call to id | semmle.label | call to id |
+| test3.cpp:134:11:134:18 | password indirection | semmle.label | password indirection |
 | test3.cpp:138:24:138:32 | password1 | semmle.label | password1 |
 | test3.cpp:140:15:140:17 | ptr | semmle.label | ptr |
-| test3.cpp:144:16:144:29 | call to get_global_str | semmle.label | call to get_global_str |
+| test3.cpp:140:15:140:17 | ptr | semmle.label | ptr |
 | test3.cpp:146:15:146:18 | data | semmle.label | data |
-| test3.cpp:152:29:152:36 | password | semmle.label | password |
-| test3.cpp:159:15:159:20 | buffer | semmle.label | buffer |
-| test3.cpp:171:8:171:15 | password | semmle.label | password |
+| test3.cpp:146:15:146:18 | data | semmle.label | data |
+| test3.cpp:171:8:171:15 | Uninitialized | semmle.label | Uninitialized |
+| test3.cpp:173:15:173:22 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test3.cpp:173:15:173:22 | password | semmle.label | password |
 | test3.cpp:175:3:175:17 | call to decrypt_inplace | semmle.label | call to decrypt_inplace |
 | test3.cpp:175:19:175:26 | password | semmle.label | password |
-| test3.cpp:179:8:179:15 | password | semmle.label | password |
+| test3.cpp:179:8:179:15 | Uninitialized | semmle.label | Uninitialized |
+| test3.cpp:181:15:181:22 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test3.cpp:181:15:181:22 | password | semmle.label | password |
-| test3.cpp:184:3:184:17 | call to decrypt_inplace | semmle.label | call to decrypt_inplace |
-| test3.cpp:184:19:184:26 | password | semmle.label | password |
-| test3.cpp:188:8:188:15 | password | semmle.label | password |
+| test3.cpp:188:8:188:15 | Uninitialized | semmle.label | Uninitialized |
+| test3.cpp:191:15:191:22 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test3.cpp:191:15:191:22 | password | semmle.label | password |
 | test3.cpp:193:18:193:28 | call to rtn_decrypt | semmle.label | call to rtn_decrypt |
+| test3.cpp:193:30:193:37 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test3.cpp:193:30:193:37 | password | semmle.label | password |
-| test3.cpp:197:8:197:15 | password | semmle.label | password |
+| test3.cpp:197:8:197:15 | Uninitialized | semmle.label | Uninitialized |
 | test3.cpp:199:3:199:17 | call to encrypt_inplace | semmle.label | call to encrypt_inplace |
 | test3.cpp:199:19:199:26 | password | semmle.label | password |
+| test3.cpp:201:15:201:22 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test3.cpp:201:15:201:22 | password | semmle.label | password |
-| test3.cpp:205:8:205:15 | password | semmle.label | password |
+| test3.cpp:205:8:205:15 | Uninitialized | semmle.label | Uninitialized |
 | test3.cpp:207:3:207:17 | call to encrypt_inplace | semmle.label | call to encrypt_inplace |
 | test3.cpp:207:19:207:26 | password | semmle.label | password |
-| test3.cpp:210:15:210:22 | password | semmle.label | password |
-| test3.cpp:214:8:214:15 | password | semmle.label | password |
-| test3.cpp:217:18:217:28 | call to rtn_encrypt | semmle.label | call to rtn_encrypt |
+| test3.cpp:214:8:214:15 | Uninitialized | semmle.label | Uninitialized |
 | test3.cpp:217:18:217:28 | call to rtn_encrypt | semmle.label | call to rtn_encrypt |
+| test3.cpp:217:30:217:37 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test3.cpp:217:30:217:37 | password | semmle.label | password |
 | test3.cpp:219:15:219:26 | password_ptr | semmle.label | password_ptr |
+| test3.cpp:219:15:219:26 | password_ptr | semmle.label | password_ptr |
 | test3.cpp:225:34:225:41 | password | semmle.label | password |
 | test3.cpp:228:26:228:33 | password | semmle.label | password |
-| test3.cpp:239:7:239:14 | password | semmle.label | password |
+| test3.cpp:228:26:228:33 | password | semmle.label | password |
+| test3.cpp:239:7:239:14 | Uninitialized | semmle.label | Uninitialized |
 | test3.cpp:241:8:241:15 | password | semmle.label | password |
-| test3.cpp:252:8:252:16 | password1 | semmle.label | password1 |
-| test3.cpp:252:24:252:32 | password2 | semmle.label | password2 |
+| test3.cpp:252:8:252:16 | Uninitialized | semmle.label | Uninitialized |
+| test3.cpp:252:24:252:32 | Uninitialized | semmle.label | Uninitialized |
+| test3.cpp:254:15:254:23 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test3.cpp:254:15:254:23 | password1 | semmle.label | password1 |
 | test3.cpp:256:3:256:19 | call to decrypt_to_buffer | semmle.label | call to decrypt_to_buffer |
+| test3.cpp:256:21:256:29 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test3.cpp:256:21:256:29 | password1 | semmle.label | password1 |
 | test3.cpp:256:32:256:40 | password2 | semmle.label | password2 |
-| test3.cpp:260:8:260:16 | password1 | semmle.label | password1 |
-| test3.cpp:260:24:260:32 | password2 | semmle.label | password2 |
+| test3.cpp:260:8:260:16 | Uninitialized | semmle.label | Uninitialized |
+| test3.cpp:260:24:260:32 | Uninitialized | semmle.label | Uninitialized |
 | test3.cpp:262:3:262:19 | call to encrypt_to_buffer | semmle.label | call to encrypt_to_buffer |
+| test3.cpp:262:21:262:29 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test3.cpp:262:21:262:29 | password1 | semmle.label | password1 |
 | test3.cpp:262:32:262:40 | password2 | semmle.label | password2 |
+| test3.cpp:264:15:264:23 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test3.cpp:264:15:264:23 | password2 | semmle.label | password2 |
-| test3.cpp:268:19:268:26 | password | semmle.label | password |
+| test3.cpp:268:19:268:26 | Uninitialized | semmle.label | Uninitialized |
+| test3.cpp:272:15:272:18 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test3.cpp:272:15:272:18 | data | semmle.label | data |
 | test3.cpp:278:20:278:23 | data | semmle.label | data |
-| test3.cpp:278:20:278:23 | data | semmle.label | data |
+| test3.cpp:280:14:280:17 | data | semmle.label | data |
 | test3.cpp:280:14:280:17 | data | semmle.label | data |
 | test3.cpp:283:20:283:23 | data | semmle.label | data |
-| test3.cpp:283:20:283:23 | data | semmle.label | data |
+| test3.cpp:285:14:285:17 | data | semmle.label | data |
 | test3.cpp:285:14:285:17 | data | semmle.label | data |
 | test3.cpp:288:20:288:23 | data | semmle.label | data |
 | test3.cpp:290:14:290:17 | data | semmle.label | data |
-| test3.cpp:293:20:293:23 | data | semmle.label | data |
+| test3.cpp:290:14:290:17 | data | semmle.label | data |
 | test3.cpp:293:20:293:23 | data | semmle.label | data |
 | test3.cpp:295:14:295:17 | data | semmle.label | data |
+| test3.cpp:295:14:295:17 | data | semmle.label | data |
 | test3.cpp:298:20:298:23 | data | semmle.label | data |
 | test3.cpp:300:14:300:17 | data | semmle.label | data |
+| test3.cpp:300:14:300:17 | data | semmle.label | data |
 | test3.cpp:308:41:308:49 | password1 | semmle.label | password1 |
 | test3.cpp:308:58:308:66 | password2 | semmle.label | password2 |
 | test3.cpp:312:3:312:17 | call to encrypt_inplace | semmle.label | call to encrypt_inplace |
 | test3.cpp:312:19:312:27 | password1 | semmle.label | password1 |
 | test3.cpp:313:11:313:19 | password1 | semmle.label | password1 |
-| test3.cpp:313:11:313:19 | ref arg password1 | semmle.label | ref arg password1 |
 | test3.cpp:314:11:314:19 | password1 | semmle.label | password1 |
 | test3.cpp:316:11:316:19 | password1 | semmle.label | password1 |
-| test3.cpp:316:11:316:19 | ref arg password1 | semmle.label | ref arg password1 |
 | test3.cpp:317:11:317:19 | password1 | semmle.label | password1 |
 | test3.cpp:324:11:324:14 | data | semmle.label | data |
-| test3.cpp:324:11:324:14 | ref arg data | semmle.label | ref arg data |
 | test3.cpp:325:11:325:14 | data | semmle.label | data |
-| test3.cpp:339:9:339:16 | password | semmle.label | password |
+| test3.cpp:339:9:339:16 | Uninitialized | semmle.label | Uninitialized |
+| test3.cpp:341:16:341:23 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test3.cpp:341:16:341:23 | password | semmle.label | password |
-| test3.cpp:350:9:350:16 | password | semmle.label | password |
+| test3.cpp:350:9:350:16 | Uninitialized | semmle.label | Uninitialized |
+| test3.cpp:352:16:352:23 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test3.cpp:352:16:352:23 | password | semmle.label | password |
 | test3.cpp:353:4:353:18 | call to decrypt_inplace | semmle.label | call to decrypt_inplace |
 | test3.cpp:353:20:353:27 | password | semmle.label | password |
-| test3.cpp:366:8:366:15 | password | semmle.label | password |
+| test3.cpp:366:8:366:15 | Uninitialized | semmle.label | Uninitialized |
+| test3.cpp:368:15:368:22 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test3.cpp:368:15:368:22 | password | semmle.label | password |
 | test3.cpp:374:3:374:18 | call to SecureZeroBuffer | semmle.label | call to SecureZeroBuffer |
 | test3.cpp:374:20:374:27 | password | semmle.label | password |
-| test3.cpp:386:8:386:15 | password | semmle.label | password |
+| test3.cpp:386:8:386:15 | Uninitialized | semmle.label | Uninitialized |
+| test3.cpp:388:15:388:22 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test3.cpp:388:15:388:22 | password | semmle.label | password |
-| test3.cpp:398:18:398:25 | password | semmle.label | password |
+| test3.cpp:398:18:398:25 | Uninitialized | semmle.label | Uninitialized |
 | test3.cpp:400:15:400:23 | & ... | semmle.label | & ... |
-| test3.cpp:400:16:400:23 | password | semmle.label | password |
-| test3.cpp:400:33:400:40 | password | semmle.label | password |
+| test3.cpp:400:15:400:23 | & ... | semmle.label | & ... |
+| test3.cpp:414:15:414:24 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test3.cpp:414:15:414:24 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test3.cpp:414:15:414:24 | password | semmle.label | password |
 | test3.cpp:414:17:414:24 | password | semmle.label | password |
+| test3.cpp:414:17:414:24 | password | semmle.label | password |
+| test3.cpp:420:15:420:24 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test3.cpp:420:15:420:24 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test3.cpp:420:15:420:24 | password | semmle.label | password |
+| test3.cpp:420:17:420:24 | password | semmle.label | password |
 | test3.cpp:420:17:420:24 | password | semmle.label | password |
 | test3.cpp:421:3:421:17 | call to decrypt_inplace | semmle.label | call to decrypt_inplace |
+| test3.cpp:421:19:421:28 | password | semmle.label | password |
+| test3.cpp:421:19:421:28 | password | semmle.label | password |
 | test3.cpp:421:21:421:28 | password | semmle.label | password |
 | test3.cpp:421:21:421:28 | password | semmle.label | password |
-| test3.cpp:429:7:429:14 | password | semmle.label | password |
+| test3.cpp:429:7:429:14 | Uninitialized | semmle.label | Uninitialized |
 | test3.cpp:431:8:431:15 | password | semmle.label | password |
+| test3.cpp:507:14:507:39 | social_security_number | semmle.label | social_security_number |
 | test3.cpp:507:18:507:39 | social_security_number | semmle.label | social_security_number |
+| test3.cpp:507:18:507:39 | social_security_number | semmle.label | social_security_number |
+| test3.cpp:508:14:508:33 | socialSecurityNo | semmle.label | socialSecurityNo |
 | test3.cpp:508:18:508:33 | socialSecurityNo | semmle.label | socialSecurityNo |
+| test3.cpp:508:18:508:33 | socialSecurityNo | semmle.label | socialSecurityNo |
+| test3.cpp:509:14:509:29 | homePostCode | semmle.label | homePostCode |
 | test3.cpp:509:18:509:29 | homePostCode | semmle.label | homePostCode |
+| test3.cpp:509:18:509:29 | homePostCode | semmle.label | homePostCode |
+| test3.cpp:510:14:510:28 | my_zip_code | semmle.label | my_zip_code |
 | test3.cpp:510:18:510:28 | my_zip_code | semmle.label | my_zip_code |
+| test3.cpp:510:18:510:28 | my_zip_code | semmle.label | my_zip_code |
+| test3.cpp:511:14:511:26 | telephone | semmle.label | telephone |
 | test3.cpp:511:18:511:26 | telephone | semmle.label | telephone |
+| test3.cpp:511:18:511:26 | telephone | semmle.label | telephone |
+| test3.cpp:512:14:512:36 | mobile_phone_number | semmle.label | mobile_phone_number |
 | test3.cpp:512:18:512:36 | mobile_phone_number | semmle.label | mobile_phone_number |
+| test3.cpp:512:18:512:36 | mobile_phone_number | semmle.label | mobile_phone_number |
+| test3.cpp:513:14:513:22 | email | semmle.label | email |
 | test3.cpp:513:18:513:22 | email | semmle.label | email |
+| test3.cpp:513:18:513:22 | email | semmle.label | email |
+| test3.cpp:514:14:514:38 | my_credit_card_number | semmle.label | my_credit_card_number |
 | test3.cpp:514:18:514:38 | my_credit_card_number | semmle.label | my_credit_card_number |
+| test3.cpp:514:18:514:38 | my_credit_card_number | semmle.label | my_credit_card_number |
+| test3.cpp:515:14:515:35 | my_bank_account_no | semmle.label | my_bank_account_no |
 | test3.cpp:515:18:515:35 | my_bank_account_no | semmle.label | my_bank_account_no |
+| test3.cpp:515:18:515:35 | my_bank_account_no | semmle.label | my_bank_account_no |
+| test3.cpp:516:14:516:29 | employerName | semmle.label | employerName |
 | test3.cpp:516:18:516:29 | employerName | semmle.label | employerName |
+| test3.cpp:516:18:516:29 | employerName | semmle.label | employerName |
+| test3.cpp:517:14:517:29 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test3.cpp:517:14:517:29 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test3.cpp:517:14:517:29 | medical_info | semmle.label | medical_info |
 | test3.cpp:517:18:517:29 | medical_info | semmle.label | medical_info |
+| test3.cpp:517:18:517:29 | medical_info | semmle.label | medical_info |
+| test3.cpp:518:14:518:28 | license_key | semmle.label | license_key |
+| test3.cpp:518:18:518:28 | license_key | semmle.label | license_key |
 | test3.cpp:518:18:518:28 | license_key | semmle.label | license_key |
 | test3.cpp:526:44:526:54 | my_latitude | semmle.label | my_latitude |
+| test3.cpp:527:15:527:20 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test3.cpp:527:15:527:20 | buffer | semmle.label | buffer |
 | test3.cpp:532:45:532:58 | home_longitude | semmle.label | home_longitude |
+| test3.cpp:533:15:533:20 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test3.cpp:533:15:533:20 | buffer | semmle.label | buffer |
 | test3.cpp:551:47:551:58 | salaryString | semmle.label | salaryString |
+| test3.cpp:552:15:552:20 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test3.cpp:552:15:552:20 | buffer | semmle.label | buffer |
 | test3.cpp:556:19:556:30 | salaryString | semmle.label | salaryString |
+| test3.cpp:559:15:559:20 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test3.cpp:559:15:559:20 | buffer | semmle.label | buffer |
 | test3.cpp:571:8:571:21 | call to get_home_phone | semmle.label | call to get_home_phone |
 | test3.cpp:572:14:572:16 | str | semmle.label | str |
+| test3.cpp:572:14:572:16 | str | semmle.label | str |
 | test3.cpp:577:8:577:23 | call to get_home_address | semmle.label | call to get_home_address |
 | test3.cpp:578:14:578:16 | str | semmle.label | str |
+| test3.cpp:578:14:578:16 | str | semmle.label | str |
+| test.cpp:41:23:41:43 | (char *)... | semmle.label | (char *)... |
+| test.cpp:41:23:41:43 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test.cpp:41:23:41:43 | cleartext password! | semmle.label | cleartext password! |
 | test.cpp:48:21:48:27 | call to encrypt | semmle.label | call to encrypt |
 | test.cpp:48:29:48:39 | thePassword | semmle.label | thePassword |
+| test.cpp:66:23:66:43 | (char *)... | semmle.label | (char *)... |
+| test.cpp:66:23:66:43 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test.cpp:66:23:66:43 | cleartext password! | semmle.label | cleartext password! |
 | test.cpp:76:21:76:27 | call to encrypt | semmle.label | call to encrypt |
 | test.cpp:76:29:76:39 | thePassword | semmle.label | thePassword |
 subpaths
-| test3.cpp:138:24:138:32 | password1 | test3.cpp:117:28:117:33 | buffer | test3.cpp:119:9:119:14 | buffer | test3.cpp:138:21:138:22 | call to id |
-| test3.cpp:313:11:313:19 | password1 | test3.cpp:278:20:278:23 | data | test3.cpp:278:20:278:23 | data | test3.cpp:313:11:313:19 | ref arg password1 |
-| test3.cpp:316:11:316:19 | password1 | test3.cpp:283:20:283:23 | data | test3.cpp:283:20:283:23 | data | test3.cpp:316:11:316:19 | ref arg password1 |
-| test3.cpp:324:11:324:14 | data | test3.cpp:293:20:293:23 | data | test3.cpp:293:20:293:23 | data | test3.cpp:324:11:324:14 | ref arg data |
 #select
 | test3.cpp:22:3:22:6 | call to send | test3.cpp:17:28:17:36 | password1 | test3.cpp:22:15:22:23 | password1 | This operation transmits 'password1', which may contain unencrypted sensitive data from $@. | test3.cpp:17:28:17:36 | password1 | password1 |
+| test3.cpp:22:3:22:6 | call to send | test3.cpp:17:28:17:36 | password1 | test3.cpp:22:15:22:23 | password1 | This operation transmits 'password1', which may contain unencrypted sensitive data from $@. | test3.cpp:17:28:17:36 | password1 | password1 |
 | test3.cpp:26:3:26:6 | call to send | test3.cpp:17:51:17:59 | password2 | test3.cpp:26:15:26:23 | password2 | This operation transmits 'password2', which may contain unencrypted sensitive data from $@. | test3.cpp:17:51:17:59 | password2 | password2 |
-| test3.cpp:47:3:47:6 | call to recv | test3.cpp:45:8:45:15 | password | test3.cpp:47:15:47:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:45:8:45:15 | password | password |
-| test3.cpp:55:3:55:6 | call to recv | test3.cpp:53:8:53:15 | password | test3.cpp:55:15:55:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:53:8:53:15 | password | password |
+| test3.cpp:26:3:26:6 | call to send | test3.cpp:17:51:17:59 | password2 | test3.cpp:26:15:26:23 | password2 | This operation transmits 'password2', which may contain unencrypted sensitive data from $@. | test3.cpp:17:51:17:59 | password2 | password2 |
+| test3.cpp:47:3:47:6 | call to recv | test3.cpp:45:8:45:15 | Uninitialized | test3.cpp:47:15:47:22 | array to pointer conversion | This operation receives into 'array to pointer conversion', which may put unencrypted sensitive data into $@. | test3.cpp:45:8:45:15 | Uninitialized | Uninitialized |
+| test3.cpp:47:3:47:6 | call to recv | test3.cpp:45:8:45:15 | Uninitialized | test3.cpp:47:15:47:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:45:8:45:15 | Uninitialized | Uninitialized |
+| test3.cpp:55:3:55:6 | call to recv | test3.cpp:53:8:53:15 | Uninitialized | test3.cpp:55:15:55:22 | array to pointer conversion | This operation receives into 'array to pointer conversion', which may put unencrypted sensitive data into $@. | test3.cpp:53:8:53:15 | Uninitialized | Uninitialized |
+| test3.cpp:55:3:55:6 | call to recv | test3.cpp:53:8:53:15 | Uninitialized | test3.cpp:55:15:55:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:53:8:53:15 | Uninitialized | Uninitialized |
 | test3.cpp:76:3:76:6 | call to send | test3.cpp:71:32:71:40 | password1 | test3.cpp:76:15:76:17 | ptr | This operation transmits 'ptr', which may contain unencrypted sensitive data from $@. | test3.cpp:71:32:71:40 | password1 | password1 |
-| test3.cpp:83:3:83:6 | call to recv | test3.cpp:80:8:80:15 | password | test3.cpp:83:15:83:17 | ptr | This operation receives into 'ptr', which may put unencrypted sensitive data into $@. | test3.cpp:80:8:80:15 | password | password |
-| test3.cpp:101:3:101:6 | call to read | test3.cpp:98:8:98:15 | password | test3.cpp:101:12:101:19 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:98:8:98:15 | password | password |
-| test3.cpp:114:2:114:5 | call to recv | test3.cpp:132:8:132:15 | password | test3.cpp:114:14:114:19 | buffer | This operation receives into 'buffer', which may put unencrypted sensitive data into $@. | test3.cpp:132:8:132:15 | password | password |
+| test3.cpp:76:3:76:6 | call to send | test3.cpp:71:32:71:40 | password1 | test3.cpp:76:15:76:17 | ptr | This operation transmits 'ptr', which may contain unencrypted sensitive data from $@. | test3.cpp:71:32:71:40 | password1 | password1 |
+| test3.cpp:83:3:83:6 | call to recv | test3.cpp:80:8:80:15 | Uninitialized | test3.cpp:83:15:83:17 | ptr | This operation receives into 'ptr', which may put unencrypted sensitive data into $@. | test3.cpp:80:8:80:15 | Uninitialized | Uninitialized |
+| test3.cpp:83:3:83:6 | call to recv | test3.cpp:80:8:80:15 | Uninitialized | test3.cpp:83:15:83:17 | ptr | This operation receives into 'ptr', which may put unencrypted sensitive data into $@. | test3.cpp:80:8:80:15 | Uninitialized | Uninitialized |
+| test3.cpp:101:3:101:6 | call to read | test3.cpp:98:8:98:15 | Uninitialized | test3.cpp:101:12:101:19 | array to pointer conversion | This operation receives into 'array to pointer conversion', which may put unencrypted sensitive data into $@. | test3.cpp:98:8:98:15 | Uninitialized | Uninitialized |
+| test3.cpp:101:3:101:6 | call to read | test3.cpp:98:8:98:15 | Uninitialized | test3.cpp:101:12:101:19 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:98:8:98:15 | Uninitialized | Uninitialized |
+| test3.cpp:114:2:114:5 | call to recv | test3.cpp:132:8:132:15 | Uninitialized | test3.cpp:114:14:114:19 | buffer | This operation receives into 'buffer', which may put unencrypted sensitive data into $@. | test3.cpp:132:8:132:15 | Uninitialized | Uninitialized |
+| test3.cpp:114:2:114:5 | call to recv | test3.cpp:132:8:132:15 | Uninitialized | test3.cpp:114:14:114:19 | buffer | This operation receives into 'buffer', which may put unencrypted sensitive data into $@. | test3.cpp:132:8:132:15 | Uninitialized | Uninitialized |
+| test3.cpp:140:3:140:6 | call to send | test3.cpp:129:39:129:47 | password1 | test3.cpp:140:15:140:17 | ptr | This operation transmits 'ptr', which may contain unencrypted sensitive data from $@. | test3.cpp:129:39:129:47 | password1 | password1 |
 | test3.cpp:140:3:140:6 | call to send | test3.cpp:129:39:129:47 | password1 | test3.cpp:140:15:140:17 | ptr | This operation transmits 'ptr', which may contain unencrypted sensitive data from $@. | test3.cpp:129:39:129:47 | password1 | password1 |
 | test3.cpp:146:3:146:6 | call to send | test3.cpp:126:9:126:23 | global_password | test3.cpp:146:15:146:18 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:126:9:126:23 | global_password | global_password |
-| test3.cpp:159:3:159:6 | call to send | test3.cpp:152:29:152:36 | password | test3.cpp:159:15:159:20 | buffer | This operation transmits 'buffer', which may contain unencrypted sensitive data from $@. | test3.cpp:152:29:152:36 | password | password |
+| test3.cpp:146:3:146:6 | call to send | test3.cpp:126:9:126:23 | global_password | test3.cpp:146:15:146:18 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:126:9:126:23 | global_password | global_password |
+| test3.cpp:181:3:181:6 | call to recv | test3.cpp:179:8:179:15 | Uninitialized | test3.cpp:181:15:181:22 | array to pointer conversion | This operation receives into 'array to pointer conversion', which may put unencrypted sensitive data into $@. | test3.cpp:179:8:179:15 | Uninitialized | Uninitialized |
+| test3.cpp:181:3:181:6 | call to recv | test3.cpp:179:8:179:15 | Uninitialized | test3.cpp:181:15:181:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:179:8:179:15 | Uninitialized | Uninitialized |
 | test3.cpp:228:2:228:5 | call to send | test3.cpp:225:34:225:41 | password | test3.cpp:228:26:228:33 | password | This operation transmits 'password', which may contain unencrypted sensitive data from $@. | test3.cpp:225:34:225:41 | password | password |
-| test3.cpp:241:2:241:6 | call to fgets | test3.cpp:239:7:239:14 | password | test3.cpp:241:8:241:15 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:239:7:239:14 | password | password |
-| test3.cpp:272:3:272:6 | call to send | test3.cpp:268:19:268:26 | password | test3.cpp:272:15:272:18 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:268:19:268:26 | password | password |
+| test3.cpp:228:2:228:5 | call to send | test3.cpp:225:34:225:41 | password | test3.cpp:228:26:228:33 | password | This operation transmits 'password', which may contain unencrypted sensitive data from $@. | test3.cpp:225:34:225:41 | password | password |
+| test3.cpp:241:2:241:6 | call to fgets | test3.cpp:239:7:239:14 | Uninitialized | test3.cpp:241:8:241:15 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:239:7:239:14 | Uninitialized | Uninitialized |
+| test3.cpp:272:3:272:6 | call to send | test3.cpp:268:19:268:26 | Uninitialized | test3.cpp:272:15:272:18 | array to pointer conversion | This operation transmits 'array to pointer conversion', which may contain unencrypted sensitive data from $@. | test3.cpp:268:19:268:26 | Uninitialized | Uninitialized |
+| test3.cpp:272:3:272:6 | call to send | test3.cpp:268:19:268:26 | Uninitialized | test3.cpp:272:15:272:18 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:268:19:268:26 | Uninitialized | Uninitialized |
+| test3.cpp:295:2:295:5 | call to send | test3.cpp:308:58:308:66 | password2 | test3.cpp:295:14:295:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:308:58:308:66 | password2 | password2 |
 | test3.cpp:295:2:295:5 | call to send | test3.cpp:308:58:308:66 | password2 | test3.cpp:295:14:295:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:308:58:308:66 | password2 | password2 |
 | test3.cpp:300:2:300:5 | call to send | test3.cpp:308:58:308:66 | password2 | test3.cpp:300:14:300:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:308:58:308:66 | password2 | password2 |
-| test3.cpp:341:4:341:7 | call to recv | test3.cpp:339:9:339:16 | password | test3.cpp:341:16:341:23 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:339:9:339:16 | password | password |
-| test3.cpp:388:3:388:6 | call to recv | test3.cpp:386:8:386:15 | password | test3.cpp:388:15:388:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:386:8:386:15 | password | password |
+| test3.cpp:300:2:300:5 | call to send | test3.cpp:308:58:308:66 | password2 | test3.cpp:300:14:300:17 | data | This operation transmits 'data', which may contain unencrypted sensitive data from $@. | test3.cpp:308:58:308:66 | password2 | password2 |
+| test3.cpp:341:4:341:7 | call to recv | test3.cpp:339:9:339:16 | Uninitialized | test3.cpp:341:16:341:23 | array to pointer conversion | This operation receives into 'array to pointer conversion', which may put unencrypted sensitive data into $@. | test3.cpp:339:9:339:16 | Uninitialized | Uninitialized |
+| test3.cpp:341:4:341:7 | call to recv | test3.cpp:339:9:339:16 | Uninitialized | test3.cpp:341:16:341:23 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:339:9:339:16 | Uninitialized | Uninitialized |
+| test3.cpp:388:3:388:6 | call to recv | test3.cpp:386:8:386:15 | Uninitialized | test3.cpp:388:15:388:22 | array to pointer conversion | This operation receives into 'array to pointer conversion', which may put unencrypted sensitive data into $@. | test3.cpp:386:8:386:15 | Uninitialized | Uninitialized |
+| test3.cpp:388:3:388:6 | call to recv | test3.cpp:386:8:386:15 | Uninitialized | test3.cpp:388:15:388:22 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:386:8:386:15 | Uninitialized | Uninitialized |
+| test3.cpp:414:3:414:6 | call to recv | test3.cpp:414:15:414:24 | array to pointer conversion | test3.cpp:414:15:414:24 | array to pointer conversion | This operation receives into 'array to pointer conversion', which may put unencrypted sensitive data into $@. | test3.cpp:414:15:414:24 | array to pointer conversion | array to pointer conversion |
+| test3.cpp:414:3:414:6 | call to recv | test3.cpp:414:15:414:24 | array to pointer conversion | test3.cpp:414:15:414:24 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:414:15:414:24 | array to pointer conversion | array to pointer conversion |
+| test3.cpp:414:3:414:6 | call to recv | test3.cpp:414:15:414:24 | password | test3.cpp:414:15:414:24 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:414:15:414:24 | password | password |
+| test3.cpp:414:3:414:6 | call to recv | test3.cpp:414:17:414:24 | password | test3.cpp:414:15:414:24 | array to pointer conversion | This operation receives into 'array to pointer conversion', which may put unencrypted sensitive data into $@. | test3.cpp:414:17:414:24 | password | password |
+| test3.cpp:414:3:414:6 | call to recv | test3.cpp:414:17:414:24 | password | test3.cpp:414:15:414:24 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:414:17:414:24 | password | password |
 | test3.cpp:414:3:414:6 | call to recv | test3.cpp:414:17:414:24 | password | test3.cpp:414:17:414:24 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:414:17:414:24 | password | password |
+| test3.cpp:420:3:420:6 | call to recv | test3.cpp:420:15:420:24 | array to pointer conversion | test3.cpp:420:15:420:24 | array to pointer conversion | This operation receives into 'array to pointer conversion', which may put unencrypted sensitive data into $@. | test3.cpp:420:15:420:24 | array to pointer conversion | array to pointer conversion |
+| test3.cpp:420:3:420:6 | call to recv | test3.cpp:420:15:420:24 | array to pointer conversion | test3.cpp:420:15:420:24 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:420:15:420:24 | array to pointer conversion | array to pointer conversion |
+| test3.cpp:420:3:420:6 | call to recv | test3.cpp:420:15:420:24 | password | test3.cpp:420:15:420:24 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:420:15:420:24 | password | password |
+| test3.cpp:420:3:420:6 | call to recv | test3.cpp:420:17:420:24 | password | test3.cpp:420:15:420:24 | array to pointer conversion | This operation receives into 'array to pointer conversion', which may put unencrypted sensitive data into $@. | test3.cpp:420:17:420:24 | password | password |
+| test3.cpp:420:3:420:6 | call to recv | test3.cpp:420:17:420:24 | password | test3.cpp:420:15:420:24 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:420:17:420:24 | password | password |
 | test3.cpp:420:3:420:6 | call to recv | test3.cpp:420:17:420:24 | password | test3.cpp:420:17:420:24 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:420:17:420:24 | password | password |
-| test3.cpp:431:2:431:6 | call to fgets | test3.cpp:429:7:429:14 | password | test3.cpp:431:8:431:15 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:429:7:429:14 | password | password |
+| test3.cpp:431:2:431:6 | call to fgets | test3.cpp:429:7:429:14 | Uninitialized | test3.cpp:431:8:431:15 | password | This operation receives into 'password', which may put unencrypted sensitive data into $@. | test3.cpp:429:7:429:14 | Uninitialized | Uninitialized |
+| test3.cpp:507:2:507:5 | call to send | test3.cpp:507:14:507:39 | social_security_number | test3.cpp:507:14:507:39 | social_security_number | This operation transmits 'social_security_number', which may contain unencrypted sensitive data from $@. | test3.cpp:507:14:507:39 | social_security_number | social_security_number |
+| test3.cpp:507:2:507:5 | call to send | test3.cpp:507:18:507:39 | social_security_number | test3.cpp:507:14:507:39 | social_security_number | This operation transmits 'social_security_number', which may contain unencrypted sensitive data from $@. | test3.cpp:507:18:507:39 | social_security_number | social_security_number |
 | test3.cpp:507:2:507:5 | call to send | test3.cpp:507:18:507:39 | social_security_number | test3.cpp:507:18:507:39 | social_security_number | This operation transmits 'social_security_number', which may contain unencrypted sensitive data from $@. | test3.cpp:507:18:507:39 | social_security_number | social_security_number |
+| test3.cpp:508:2:508:5 | call to send | test3.cpp:508:14:508:33 | socialSecurityNo | test3.cpp:508:14:508:33 | socialSecurityNo | This operation transmits 'socialSecurityNo', which may contain unencrypted sensitive data from $@. | test3.cpp:508:14:508:33 | socialSecurityNo | socialSecurityNo |
+| test3.cpp:508:2:508:5 | call to send | test3.cpp:508:18:508:33 | socialSecurityNo | test3.cpp:508:14:508:33 | socialSecurityNo | This operation transmits 'socialSecurityNo', which may contain unencrypted sensitive data from $@. | test3.cpp:508:18:508:33 | socialSecurityNo | socialSecurityNo |
 | test3.cpp:508:2:508:5 | call to send | test3.cpp:508:18:508:33 | socialSecurityNo | test3.cpp:508:18:508:33 | socialSecurityNo | This operation transmits 'socialSecurityNo', which may contain unencrypted sensitive data from $@. | test3.cpp:508:18:508:33 | socialSecurityNo | socialSecurityNo |
+| test3.cpp:509:2:509:5 | call to send | test3.cpp:509:14:509:29 | homePostCode | test3.cpp:509:14:509:29 | homePostCode | This operation transmits 'homePostCode', which may contain unencrypted sensitive data from $@. | test3.cpp:509:14:509:29 | homePostCode | homePostCode |
+| test3.cpp:509:2:509:5 | call to send | test3.cpp:509:18:509:29 | homePostCode | test3.cpp:509:14:509:29 | homePostCode | This operation transmits 'homePostCode', which may contain unencrypted sensitive data from $@. | test3.cpp:509:18:509:29 | homePostCode | homePostCode |
 | test3.cpp:509:2:509:5 | call to send | test3.cpp:509:18:509:29 | homePostCode | test3.cpp:509:18:509:29 | homePostCode | This operation transmits 'homePostCode', which may contain unencrypted sensitive data from $@. | test3.cpp:509:18:509:29 | homePostCode | homePostCode |
+| test3.cpp:510:2:510:5 | call to send | test3.cpp:510:14:510:28 | my_zip_code | test3.cpp:510:14:510:28 | my_zip_code | This operation transmits 'my_zip_code', which may contain unencrypted sensitive data from $@. | test3.cpp:510:14:510:28 | my_zip_code | my_zip_code |
+| test3.cpp:510:2:510:5 | call to send | test3.cpp:510:18:510:28 | my_zip_code | test3.cpp:510:14:510:28 | my_zip_code | This operation transmits 'my_zip_code', which may contain unencrypted sensitive data from $@. | test3.cpp:510:18:510:28 | my_zip_code | my_zip_code |
 | test3.cpp:510:2:510:5 | call to send | test3.cpp:510:18:510:28 | my_zip_code | test3.cpp:510:18:510:28 | my_zip_code | This operation transmits 'my_zip_code', which may contain unencrypted sensitive data from $@. | test3.cpp:510:18:510:28 | my_zip_code | my_zip_code |
+| test3.cpp:511:2:511:5 | call to send | test3.cpp:511:14:511:26 | telephone | test3.cpp:511:14:511:26 | telephone | This operation transmits 'telephone', which may contain unencrypted sensitive data from $@. | test3.cpp:511:14:511:26 | telephone | telephone |
+| test3.cpp:511:2:511:5 | call to send | test3.cpp:511:18:511:26 | telephone | test3.cpp:511:14:511:26 | telephone | This operation transmits 'telephone', which may contain unencrypted sensitive data from $@. | test3.cpp:511:18:511:26 | telephone | telephone |
 | test3.cpp:511:2:511:5 | call to send | test3.cpp:511:18:511:26 | telephone | test3.cpp:511:18:511:26 | telephone | This operation transmits 'telephone', which may contain unencrypted sensitive data from $@. | test3.cpp:511:18:511:26 | telephone | telephone |
+| test3.cpp:512:2:512:5 | call to send | test3.cpp:512:14:512:36 | mobile_phone_number | test3.cpp:512:14:512:36 | mobile_phone_number | This operation transmits 'mobile_phone_number', which may contain unencrypted sensitive data from $@. | test3.cpp:512:14:512:36 | mobile_phone_number | mobile_phone_number |
+| test3.cpp:512:2:512:5 | call to send | test3.cpp:512:18:512:36 | mobile_phone_number | test3.cpp:512:14:512:36 | mobile_phone_number | This operation transmits 'mobile_phone_number', which may contain unencrypted sensitive data from $@. | test3.cpp:512:18:512:36 | mobile_phone_number | mobile_phone_number |
 | test3.cpp:512:2:512:5 | call to send | test3.cpp:512:18:512:36 | mobile_phone_number | test3.cpp:512:18:512:36 | mobile_phone_number | This operation transmits 'mobile_phone_number', which may contain unencrypted sensitive data from $@. | test3.cpp:512:18:512:36 | mobile_phone_number | mobile_phone_number |
+| test3.cpp:513:2:513:5 | call to send | test3.cpp:513:14:513:22 | email | test3.cpp:513:14:513:22 | email | This operation transmits 'email', which may contain unencrypted sensitive data from $@. | test3.cpp:513:14:513:22 | email | email |
+| test3.cpp:513:2:513:5 | call to send | test3.cpp:513:18:513:22 | email | test3.cpp:513:14:513:22 | email | This operation transmits 'email', which may contain unencrypted sensitive data from $@. | test3.cpp:513:18:513:22 | email | email |
 | test3.cpp:513:2:513:5 | call to send | test3.cpp:513:18:513:22 | email | test3.cpp:513:18:513:22 | email | This operation transmits 'email', which may contain unencrypted sensitive data from $@. | test3.cpp:513:18:513:22 | email | email |
+| test3.cpp:514:2:514:5 | call to send | test3.cpp:514:14:514:38 | my_credit_card_number | test3.cpp:514:14:514:38 | my_credit_card_number | This operation transmits 'my_credit_card_number', which may contain unencrypted sensitive data from $@. | test3.cpp:514:14:514:38 | my_credit_card_number | my_credit_card_number |
+| test3.cpp:514:2:514:5 | call to send | test3.cpp:514:18:514:38 | my_credit_card_number | test3.cpp:514:14:514:38 | my_credit_card_number | This operation transmits 'my_credit_card_number', which may contain unencrypted sensitive data from $@. | test3.cpp:514:18:514:38 | my_credit_card_number | my_credit_card_number |
 | test3.cpp:514:2:514:5 | call to send | test3.cpp:514:18:514:38 | my_credit_card_number | test3.cpp:514:18:514:38 | my_credit_card_number | This operation transmits 'my_credit_card_number', which may contain unencrypted sensitive data from $@. | test3.cpp:514:18:514:38 | my_credit_card_number | my_credit_card_number |
+| test3.cpp:515:2:515:5 | call to send | test3.cpp:515:14:515:35 | my_bank_account_no | test3.cpp:515:14:515:35 | my_bank_account_no | This operation transmits 'my_bank_account_no', which may contain unencrypted sensitive data from $@. | test3.cpp:515:14:515:35 | my_bank_account_no | my_bank_account_no |
+| test3.cpp:515:2:515:5 | call to send | test3.cpp:515:18:515:35 | my_bank_account_no | test3.cpp:515:14:515:35 | my_bank_account_no | This operation transmits 'my_bank_account_no', which may contain unencrypted sensitive data from $@. | test3.cpp:515:18:515:35 | my_bank_account_no | my_bank_account_no |
 | test3.cpp:515:2:515:5 | call to send | test3.cpp:515:18:515:35 | my_bank_account_no | test3.cpp:515:18:515:35 | my_bank_account_no | This operation transmits 'my_bank_account_no', which may contain unencrypted sensitive data from $@. | test3.cpp:515:18:515:35 | my_bank_account_no | my_bank_account_no |
+| test3.cpp:516:2:516:5 | call to send | test3.cpp:516:14:516:29 | employerName | test3.cpp:516:14:516:29 | employerName | This operation transmits 'employerName', which may contain unencrypted sensitive data from $@. | test3.cpp:516:14:516:29 | employerName | employerName |
+| test3.cpp:516:2:516:5 | call to send | test3.cpp:516:18:516:29 | employerName | test3.cpp:516:14:516:29 | employerName | This operation transmits 'employerName', which may contain unencrypted sensitive data from $@. | test3.cpp:516:18:516:29 | employerName | employerName |
 | test3.cpp:516:2:516:5 | call to send | test3.cpp:516:18:516:29 | employerName | test3.cpp:516:18:516:29 | employerName | This operation transmits 'employerName', which may contain unencrypted sensitive data from $@. | test3.cpp:516:18:516:29 | employerName | employerName |
+| test3.cpp:517:2:517:5 | call to send | test3.cpp:517:14:517:29 | array to pointer conversion | test3.cpp:517:14:517:29 | array to pointer conversion | This operation transmits 'array to pointer conversion', which may contain unencrypted sensitive data from $@. | test3.cpp:517:14:517:29 | array to pointer conversion | array to pointer conversion |
+| test3.cpp:517:2:517:5 | call to send | test3.cpp:517:14:517:29 | array to pointer conversion | test3.cpp:517:14:517:29 | medical_info | This operation transmits 'medical_info', which may contain unencrypted sensitive data from $@. | test3.cpp:517:14:517:29 | array to pointer conversion | array to pointer conversion |
+| test3.cpp:517:2:517:5 | call to send | test3.cpp:517:14:517:29 | medical_info | test3.cpp:517:14:517:29 | medical_info | This operation transmits 'medical_info', which may contain unencrypted sensitive data from $@. | test3.cpp:517:14:517:29 | medical_info | medical_info |
+| test3.cpp:517:2:517:5 | call to send | test3.cpp:517:18:517:29 | medical_info | test3.cpp:517:14:517:29 | array to pointer conversion | This operation transmits 'array to pointer conversion', which may contain unencrypted sensitive data from $@. | test3.cpp:517:18:517:29 | medical_info | medical_info |
+| test3.cpp:517:2:517:5 | call to send | test3.cpp:517:18:517:29 | medical_info | test3.cpp:517:14:517:29 | medical_info | This operation transmits 'medical_info', which may contain unencrypted sensitive data from $@. | test3.cpp:517:18:517:29 | medical_info | medical_info |
 | test3.cpp:517:2:517:5 | call to send | test3.cpp:517:18:517:29 | medical_info | test3.cpp:517:18:517:29 | medical_info | This operation transmits 'medical_info', which may contain unencrypted sensitive data from $@. | test3.cpp:517:18:517:29 | medical_info | medical_info |
+| test3.cpp:518:2:518:5 | call to send | test3.cpp:518:14:518:28 | license_key | test3.cpp:518:14:518:28 | license_key | This operation transmits 'license_key', which may contain unencrypted sensitive data from $@. | test3.cpp:518:14:518:28 | license_key | license_key |
+| test3.cpp:518:2:518:5 | call to send | test3.cpp:518:18:518:28 | license_key | test3.cpp:518:14:518:28 | license_key | This operation transmits 'license_key', which may contain unencrypted sensitive data from $@. | test3.cpp:518:18:518:28 | license_key | license_key |
 | test3.cpp:518:2:518:5 | call to send | test3.cpp:518:18:518:28 | license_key | test3.cpp:518:18:518:28 | license_key | This operation transmits 'license_key', which may contain unencrypted sensitive data from $@. | test3.cpp:518:18:518:28 | license_key | license_key |
+| test3.cpp:527:3:527:6 | call to send | test3.cpp:526:44:526:54 | my_latitude | test3.cpp:527:15:527:20 | array to pointer conversion | This operation transmits 'array to pointer conversion', which may contain unencrypted sensitive data from $@. | test3.cpp:526:44:526:54 | my_latitude | my_latitude |
 | test3.cpp:527:3:527:6 | call to send | test3.cpp:526:44:526:54 | my_latitude | test3.cpp:527:15:527:20 | buffer | This operation transmits 'buffer', which may contain unencrypted sensitive data from $@. | test3.cpp:526:44:526:54 | my_latitude | my_latitude |
+| test3.cpp:533:3:533:6 | call to send | test3.cpp:532:45:532:58 | home_longitude | test3.cpp:533:15:533:20 | array to pointer conversion | This operation transmits 'array to pointer conversion', which may contain unencrypted sensitive data from $@. | test3.cpp:532:45:532:58 | home_longitude | home_longitude |
 | test3.cpp:533:3:533:6 | call to send | test3.cpp:532:45:532:58 | home_longitude | test3.cpp:533:15:533:20 | buffer | This operation transmits 'buffer', which may contain unencrypted sensitive data from $@. | test3.cpp:532:45:532:58 | home_longitude | home_longitude |
+| test3.cpp:552:3:552:6 | call to send | test3.cpp:551:47:551:58 | salaryString | test3.cpp:552:15:552:20 | array to pointer conversion | This operation transmits 'array to pointer conversion', which may contain unencrypted sensitive data from $@. | test3.cpp:551:47:551:58 | salaryString | salaryString |
 | test3.cpp:552:3:552:6 | call to send | test3.cpp:551:47:551:58 | salaryString | test3.cpp:552:15:552:20 | buffer | This operation transmits 'buffer', which may contain unencrypted sensitive data from $@. | test3.cpp:551:47:551:58 | salaryString | salaryString |
+| test3.cpp:559:3:559:6 | call to send | test3.cpp:556:19:556:30 | salaryString | test3.cpp:559:15:559:20 | array to pointer conversion | This operation transmits 'array to pointer conversion', which may contain unencrypted sensitive data from $@. | test3.cpp:556:19:556:30 | salaryString | salaryString |
 | test3.cpp:559:3:559:6 | call to send | test3.cpp:556:19:556:30 | salaryString | test3.cpp:559:15:559:20 | buffer | This operation transmits 'buffer', which may contain unencrypted sensitive data from $@. | test3.cpp:556:19:556:30 | salaryString | salaryString |
 | test3.cpp:572:2:572:5 | call to send | test3.cpp:571:8:571:21 | call to get_home_phone | test3.cpp:572:14:572:16 | str | This operation transmits 'str', which may contain unencrypted sensitive data from $@. | test3.cpp:571:8:571:21 | call to get_home_phone | call to get_home_phone |
+| test3.cpp:572:2:572:5 | call to send | test3.cpp:571:8:571:21 | call to get_home_phone | test3.cpp:572:14:572:16 | str | This operation transmits 'str', which may contain unencrypted sensitive data from $@. | test3.cpp:571:8:571:21 | call to get_home_phone | call to get_home_phone |
+| test3.cpp:578:2:578:5 | call to send | test3.cpp:577:8:577:23 | call to get_home_address | test3.cpp:578:14:578:16 | str | This operation transmits 'str', which may contain unencrypted sensitive data from $@. | test3.cpp:577:8:577:23 | call to get_home_address | call to get_home_address |
 | test3.cpp:578:2:578:5 | call to send | test3.cpp:577:8:577:23 | call to get_home_address | test3.cpp:578:14:578:16 | str | This operation transmits 'str', which may contain unencrypted sensitive data from $@. | test3.cpp:577:8:577:23 | call to get_home_address | call to get_home_address |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/UseOfHttp.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-319/UseOfHttp/UseOfHttp.expected
@@ -1,30 +1,77 @@
 edges
 | test.cpp:11:26:11:28 | url | test.cpp:15:30:15:32 | url |
+| test.cpp:11:26:11:28 | url indirection | test.cpp:15:30:15:32 | url |
+| test.cpp:24:13:24:17 | url_g | test.cpp:38:11:38:15 | Load |
+| test.cpp:24:21:24:40 | Store | test.cpp:24:13:24:17 | url_g |
+| test.cpp:24:21:24:40 | array to pointer conversion | test.cpp:24:21:24:40 | Store |
+| test.cpp:24:21:24:40 | http://example.com | test.cpp:24:21:24:40 | Store |
 | test.cpp:28:10:28:29 | http://example.com | test.cpp:11:26:11:28 | url |
+| test.cpp:28:10:28:29 | http://example.com | test.cpp:28:10:28:29 | http://example.com |
+| test.cpp:35:23:35:42 | array to pointer conversion | test.cpp:39:11:39:15 | url_l |
 | test.cpp:35:23:35:42 | http://example.com | test.cpp:39:11:39:15 | url_l |
+| test.cpp:36:26:36:45 | array to pointer conversion | test.cpp:40:11:40:17 | access to array |
+| test.cpp:36:26:36:45 | array to pointer conversion | test.cpp:40:11:40:17 | access to array indirection |
 | test.cpp:36:26:36:45 | http://example.com | test.cpp:40:11:40:17 | access to array |
+| test.cpp:36:26:36:45 | http://example.com | test.cpp:40:11:40:17 | access to array indirection |
+| test.cpp:38:11:38:15 | Load | test.cpp:38:11:38:15 | url_g |
+| test.cpp:38:11:38:15 | url_g | test.cpp:11:26:11:28 | url |
 | test.cpp:39:11:39:15 | url_l | test.cpp:11:26:11:28 | url |
 | test.cpp:40:11:40:17 | access to array | test.cpp:11:26:11:28 | url |
+| test.cpp:40:11:40:17 | access to array indirection | test.cpp:11:26:11:28 | url indirection |
 | test.cpp:46:18:46:26 | http:// | test.cpp:49:11:49:16 | buffer |
+| test.cpp:46:18:46:26 | http:// | test.cpp:49:11:49:16 | buffer |
+| test.cpp:46:18:46:26 | http:// | test.cpp:49:11:49:16 | buffer indirection |
+| test.cpp:46:18:46:26 | http:// | test.cpp:49:11:49:16 | buffer indirection |
 | test.cpp:49:11:49:16 | buffer | test.cpp:11:26:11:28 | url |
+| test.cpp:49:11:49:16 | buffer indirection | test.cpp:11:26:11:28 | url indirection |
+| test.cpp:110:21:110:40 | (char *)... | test.cpp:121:11:121:13 | ptr |
+| test.cpp:110:21:110:40 | (char *)... | test.cpp:121:11:121:13 | ptr indirection |
+| test.cpp:110:21:110:40 | array to pointer conversion | test.cpp:121:11:121:13 | ptr |
+| test.cpp:110:21:110:40 | array to pointer conversion | test.cpp:121:11:121:13 | ptr indirection |
 | test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | ptr |
+| test.cpp:110:21:110:40 | http://example.com | test.cpp:121:11:121:13 | ptr indirection |
 | test.cpp:121:11:121:13 | ptr | test.cpp:11:26:11:28 | url |
+| test.cpp:121:11:121:13 | ptr indirection | test.cpp:11:26:11:28 | url indirection |
 nodes
 | test.cpp:11:26:11:28 | url | semmle.label | url |
+| test.cpp:11:26:11:28 | url indirection | semmle.label | url indirection |
 | test.cpp:15:30:15:32 | url | semmle.label | url |
+| test.cpp:24:13:24:17 | url_g | semmle.label | url_g |
+| test.cpp:24:21:24:40 | Store | semmle.label | Store |
+| test.cpp:24:21:24:40 | array to pointer conversion | semmle.label | array to pointer conversion |
+| test.cpp:24:21:24:40 | http://example.com | semmle.label | http://example.com |
 | test.cpp:28:10:28:29 | http://example.com | semmle.label | http://example.com |
+| test.cpp:28:10:28:29 | http://example.com | semmle.label | http://example.com |
+| test.cpp:35:23:35:42 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test.cpp:35:23:35:42 | http://example.com | semmle.label | http://example.com |
+| test.cpp:36:26:36:45 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test.cpp:36:26:36:45 | http://example.com | semmle.label | http://example.com |
+| test.cpp:38:11:38:15 | Load | semmle.label | Load |
+| test.cpp:38:11:38:15 | url_g | semmle.label | url_g |
 | test.cpp:39:11:39:15 | url_l | semmle.label | url_l |
 | test.cpp:40:11:40:17 | access to array | semmle.label | access to array |
+| test.cpp:40:11:40:17 | access to array indirection | semmle.label | access to array indirection |
+| test.cpp:46:18:46:26 | http:// | semmle.label | http:// |
 | test.cpp:46:18:46:26 | http:// | semmle.label | http:// |
 | test.cpp:49:11:49:16 | buffer | semmle.label | buffer |
+| test.cpp:49:11:49:16 | buffer indirection | semmle.label | buffer indirection |
+| test.cpp:110:21:110:40 | (char *)... | semmle.label | (char *)... |
+| test.cpp:110:21:110:40 | array to pointer conversion | semmle.label | array to pointer conversion |
 | test.cpp:110:21:110:40 | http://example.com | semmle.label | http://example.com |
 | test.cpp:121:11:121:13 | ptr | semmle.label | ptr |
+| test.cpp:121:11:121:13 | ptr indirection | semmle.label | ptr indirection |
 subpaths
 #select
+| test.cpp:24:21:24:40 | http://example.com | test.cpp:24:21:24:40 | array to pointer conversion | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
+| test.cpp:24:21:24:40 | http://example.com | test.cpp:24:21:24:40 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
 | test.cpp:28:10:28:29 | http://example.com | test.cpp:28:10:28:29 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
+| test.cpp:28:10:28:29 | http://example.com | test.cpp:28:10:28:29 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
+| test.cpp:35:23:35:42 | http://example.com | test.cpp:35:23:35:42 | array to pointer conversion | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
 | test.cpp:35:23:35:42 | http://example.com | test.cpp:35:23:35:42 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
+| test.cpp:36:26:36:45 | http://example.com | test.cpp:36:26:36:45 | array to pointer conversion | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
 | test.cpp:36:26:36:45 | http://example.com | test.cpp:36:26:36:45 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
 | test.cpp:46:18:46:26 | http:// | test.cpp:46:18:46:26 | http:// | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
+| test.cpp:46:18:46:26 | http:// | test.cpp:46:18:46:26 | http:// | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
+| test.cpp:110:21:110:40 | http://example.com | test.cpp:110:21:110:40 | (char *)... | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
+| test.cpp:110:21:110:40 | http://example.com | test.cpp:110:21:110:40 | array to pointer conversion | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
 | test.cpp:110:21:110:40 | http://example.com | test.cpp:110:21:110:40 | http://example.com | test.cpp:15:30:15:32 | url | This URL may be constructed with the HTTP protocol. |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-326/InsufficientKeySize.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-326/InsufficientKeySize.expected
@@ -1,10 +1,16 @@
 edges
+| test.cpp:34:45:34:48 | Constant | test.cpp:34:45:34:48 | 1024 |
+| test.cpp:35:49:35:52 | Constant | test.cpp:35:49:35:52 | 1024 |
+| test.cpp:37:43:37:46 | Constant | test.cpp:37:43:37:46 | 1024 |
 nodes
 | test.cpp:34:45:34:48 | 1024 | semmle.label | 1024 |
+| test.cpp:34:45:34:48 | Constant | semmle.label | Constant |
 | test.cpp:35:49:35:52 | 1024 | semmle.label | 1024 |
+| test.cpp:35:49:35:52 | Constant | semmle.label | Constant |
 | test.cpp:37:43:37:46 | 1024 | semmle.label | 1024 |
+| test.cpp:37:43:37:46 | Constant | semmle.label | Constant |
 subpaths
 #select
-| test.cpp:34:5:34:38 | call to EVP_PKEY_CTX_set_dsa_paramgen_bits | test.cpp:34:45:34:48 | 1024 | test.cpp:34:45:34:48 | 1024 | The key size $@ is less than the recommended key size of 2048 bits. | test.cpp:34:45:34:48 | 1024 | 1024 |
-| test.cpp:35:5:35:42 | call to EVP_PKEY_CTX_set_dh_paramgen_prime_len | test.cpp:35:49:35:52 | 1024 | test.cpp:35:49:35:52 | 1024 | The key size $@ is less than the recommended key size of 2048 bits. | test.cpp:35:49:35:52 | 1024 | 1024 |
-| test.cpp:37:5:37:36 | call to EVP_PKEY_CTX_set_rsa_keygen_bits | test.cpp:37:43:37:46 | 1024 | test.cpp:37:43:37:46 | 1024 | The key size $@ is less than the recommended key size of 2048 bits. | test.cpp:37:43:37:46 | 1024 | 1024 |
+| test.cpp:34:5:34:38 | call to EVP_PKEY_CTX_set_dsa_paramgen_bits | test.cpp:34:45:34:48 | Constant | test.cpp:34:45:34:48 | 1024 | The key size $@ is less than the recommended key size of 2048 bits. | test.cpp:34:45:34:48 | Constant | 1024 |
+| test.cpp:35:5:35:42 | call to EVP_PKEY_CTX_set_dh_paramgen_prime_len | test.cpp:35:49:35:52 | Constant | test.cpp:35:49:35:52 | 1024 | The key size $@ is less than the recommended key size of 2048 bits. | test.cpp:35:49:35:52 | Constant | 1024 |
+| test.cpp:37:5:37:36 | call to EVP_PKEY_CTX_set_rsa_keygen_bits | test.cpp:37:43:37:46 | Constant | test.cpp:37:43:37:46 | 1024 | The key size $@ is less than the recommended key size of 2048 bits. | test.cpp:37:43:37:46 | Constant | 1024 |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-497/SAMATE/PotentiallyExposedSystemData.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-497/SAMATE/PotentiallyExposedSystemData.expected
@@ -1,8 +1,8 @@
 edges
-| tests.c:57:21:57:28 | password | tests.c:70:70:70:77 | array to pointer conversion |
+| tests.c:57:21:57:28 | password | tests.c:70:70:70:77 | password |
 nodes
 | tests.c:57:21:57:28 | password | semmle.label | password |
-| tests.c:70:70:70:77 | array to pointer conversion | semmle.label | array to pointer conversion |
+| tests.c:70:70:70:77 | password | semmle.label | password |
 subpaths
 #select
-| tests.c:70:70:70:77 | array to pointer conversion | tests.c:57:21:57:28 | password | tests.c:70:70:70:77 | array to pointer conversion | This operation potentially exposes sensitive system data from $@. | tests.c:57:21:57:28 | password | password |
+| tests.c:70:70:70:77 | password | tests.c:57:21:57:28 | password | tests.c:70:70:70:77 | password | This operation potentially exposes sensitive system data from $@. | tests.c:57:21:57:28 | password | password |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/ExposedSystemData.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/ExposedSystemData.expected
@@ -1,32 +1,32 @@
 edges
-| tests2.cpp:50:13:50:19 | global1 | tests2.cpp:82:14:82:20 | global1 |
-| tests2.cpp:50:13:50:19 | global1 | tests2.cpp:82:14:82:20 | global1 |
+| tests2.cpp:50:13:50:19 | global1 | tests2.cpp:82:14:82:20 | Load |
 | tests2.cpp:50:23:50:43 | Store | tests2.cpp:50:13:50:19 | global1 |
 | tests2.cpp:50:23:50:43 | call to mysql_get_client_info | tests2.cpp:50:23:50:43 | Store |
-| tests2.cpp:63:13:63:18 | call to getenv | tests2.cpp:63:13:63:26 | (const char *)... |
-| tests2.cpp:64:13:64:18 | call to getenv | tests2.cpp:64:13:64:26 | (const char *)... |
-| tests2.cpp:65:13:65:18 | call to getenv | tests2.cpp:65:13:65:30 | (const char *)... |
-| tests2.cpp:66:13:66:18 | call to getenv | tests2.cpp:66:13:66:34 | (const char *)... |
-| tests2.cpp:78:18:78:38 | call to mysql_get_client_info | tests2.cpp:81:14:81:19 | (const char *)... |
-| tests2.cpp:80:14:80:34 | call to mysql_get_client_info | tests2.cpp:80:14:80:34 | call to mysql_get_client_info |
-| tests2.cpp:80:14:80:34 | call to mysql_get_client_info | tests2.cpp:80:14:80:34 | call to mysql_get_client_info |
-| tests2.cpp:82:14:82:20 | global1 | tests2.cpp:82:14:82:20 | global1 |
-| tests2.cpp:82:14:82:20 | global1 | tests2.cpp:82:14:82:20 | global1 |
+| tests2.cpp:63:13:63:18 | call to getenv | tests2.cpp:63:13:63:26 | call to getenv |
+| tests2.cpp:64:13:64:18 | call to getenv | tests2.cpp:64:13:64:26 | call to getenv |
+| tests2.cpp:65:13:65:18 | call to getenv | tests2.cpp:65:13:65:30 | call to getenv |
+| tests2.cpp:66:13:66:18 | call to getenv | tests2.cpp:66:13:66:34 | call to getenv |
+| tests2.cpp:78:18:78:38 | call to mysql_get_client_info | tests2.cpp:81:14:81:19 | array to pointer conversion |
+| tests2.cpp:78:18:78:38 | call to mysql_get_client_info | tests2.cpp:81:14:81:19 | buffer |
+| tests2.cpp:82:14:82:20 | Load | tests2.cpp:82:14:82:20 | global1 |
 | tests2.cpp:91:42:91:45 | str1 | tests2.cpp:93:14:93:17 | str1 |
 | tests2.cpp:101:8:101:15 | call to getpwuid | tests2.cpp:102:14:102:15 | pw |
-| tests2.cpp:109:3:109:4 | c1 [post update] [ptr] | tests2.cpp:111:14:111:15 | c1 [read] [ptr] |
-| tests2.cpp:109:6:109:8 | ptr [post update] | tests2.cpp:109:3:109:4 | c1 [post update] [ptr] |
-| tests2.cpp:109:12:109:17 | call to getenv | tests2.cpp:109:6:109:8 | ptr [post update] |
-| tests2.cpp:111:14:111:15 | c1 [read] [ptr] | tests2.cpp:111:14:111:19 | (const char *)... |
-| tests_sockets.cpp:26:15:26:20 | call to getenv | tests_sockets.cpp:39:19:39:22 | (const void *)... |
+| tests2.cpp:109:3:109:36 | Store | tests2.cpp:109:6:109:8 | c1 indirection [post update] [ptr] |
+| tests2.cpp:109:6:109:8 | c1 indirection [post update] [ptr] | tests2.cpp:111:14:111:15 | c1 indirection [ptr] |
+| tests2.cpp:109:12:109:17 | call to getenv | tests2.cpp:109:3:109:36 | Store |
+| tests2.cpp:111:14:111:15 | c1 indirection [ptr] | tests2.cpp:111:14:111:19 | ptr |
+| tests2.cpp:111:14:111:15 | c1 indirection [ptr] | tests2.cpp:111:17:111:19 | ptr |
+| tests2.cpp:111:14:111:15 | c1 indirection [ptr] | tests2.cpp:111:17:111:19 | ptr |
+| tests2.cpp:111:17:111:19 | ptr | tests2.cpp:111:14:111:19 | ptr |
+| tests_sockets.cpp:26:15:26:20 | call to getenv | tests_sockets.cpp:39:19:39:22 | path |
 | tests_sockets.cpp:26:15:26:20 | call to getenv | tests_sockets.cpp:39:19:39:22 | path |
-| tests_sockets.cpp:26:15:26:20 | call to getenv | tests_sockets.cpp:43:20:43:23 | (const void *)... |
 | tests_sockets.cpp:26:15:26:20 | call to getenv | tests_sockets.cpp:43:20:43:23 | path |
-| tests_sockets.cpp:63:15:63:20 | call to getenv | tests_sockets.cpp:76:19:76:22 | (const void *)... |
+| tests_sockets.cpp:26:15:26:20 | call to getenv | tests_sockets.cpp:43:20:43:23 | path |
+| tests_sockets.cpp:63:15:63:20 | call to getenv | tests_sockets.cpp:76:19:76:22 | path |
 | tests_sockets.cpp:63:15:63:20 | call to getenv | tests_sockets.cpp:76:19:76:22 | path |
-| tests_sockets.cpp:63:15:63:20 | call to getenv | tests_sockets.cpp:80:20:80:23 | (const void *)... |
 | tests_sockets.cpp:63:15:63:20 | call to getenv | tests_sockets.cpp:80:20:80:23 | path |
-| tests_sysconf.cpp:36:21:36:27 | confstr output argument | tests_sysconf.cpp:39:19:39:25 | (const void *)... |
+| tests_sockets.cpp:63:15:63:20 | call to getenv | tests_sockets.cpp:80:20:80:23 | path |
+| tests_sysconf.cpp:36:21:36:27 | confstr output argument | tests_sysconf.cpp:39:19:39:25 | pathbuf |
 | tests_sysconf.cpp:36:21:36:27 | confstr output argument | tests_sysconf.cpp:39:19:39:25 | pathbuf |
 nodes
 | tests2.cpp:50:13:50:19 | global1 | semmle.label | global1 |
@@ -34,43 +34,45 @@ nodes
 | tests2.cpp:50:23:50:43 | call to mysql_get_client_info | semmle.label | call to mysql_get_client_info |
 | tests2.cpp:63:13:63:18 | call to getenv | semmle.label | call to getenv |
 | tests2.cpp:63:13:63:18 | call to getenv | semmle.label | call to getenv |
-| tests2.cpp:63:13:63:26 | (const char *)... | semmle.label | (const char *)... |
+| tests2.cpp:63:13:63:26 | call to getenv | semmle.label | call to getenv |
 | tests2.cpp:64:13:64:18 | call to getenv | semmle.label | call to getenv |
 | tests2.cpp:64:13:64:18 | call to getenv | semmle.label | call to getenv |
-| tests2.cpp:64:13:64:26 | (const char *)... | semmle.label | (const char *)... |
+| tests2.cpp:64:13:64:26 | call to getenv | semmle.label | call to getenv |
 | tests2.cpp:65:13:65:18 | call to getenv | semmle.label | call to getenv |
 | tests2.cpp:65:13:65:18 | call to getenv | semmle.label | call to getenv |
-| tests2.cpp:65:13:65:30 | (const char *)... | semmle.label | (const char *)... |
+| tests2.cpp:65:13:65:30 | call to getenv | semmle.label | call to getenv |
 | tests2.cpp:66:13:66:18 | call to getenv | semmle.label | call to getenv |
 | tests2.cpp:66:13:66:18 | call to getenv | semmle.label | call to getenv |
-| tests2.cpp:66:13:66:34 | (const char *)... | semmle.label | (const char *)... |
+| tests2.cpp:66:13:66:34 | call to getenv | semmle.label | call to getenv |
 | tests2.cpp:78:18:78:38 | call to mysql_get_client_info | semmle.label | call to mysql_get_client_info |
 | tests2.cpp:80:14:80:34 | call to mysql_get_client_info | semmle.label | call to mysql_get_client_info |
-| tests2.cpp:80:14:80:34 | call to mysql_get_client_info | semmle.label | call to mysql_get_client_info |
-| tests2.cpp:81:14:81:19 | (const char *)... | semmle.label | (const char *)... |
-| tests2.cpp:82:14:82:20 | global1 | semmle.label | global1 |
+| tests2.cpp:81:14:81:19 | array to pointer conversion | semmle.label | array to pointer conversion |
+| tests2.cpp:81:14:81:19 | buffer | semmle.label | buffer |
+| tests2.cpp:82:14:82:20 | Load | semmle.label | Load |
 | tests2.cpp:82:14:82:20 | global1 | semmle.label | global1 |
 | tests2.cpp:91:42:91:45 | str1 | semmle.label | str1 |
 | tests2.cpp:93:14:93:17 | str1 | semmle.label | str1 |
 | tests2.cpp:101:8:101:15 | call to getpwuid | semmle.label | call to getpwuid |
 | tests2.cpp:102:14:102:15 | pw | semmle.label | pw |
-| tests2.cpp:109:3:109:4 | c1 [post update] [ptr] | semmle.label | c1 [post update] [ptr] |
-| tests2.cpp:109:6:109:8 | ptr [post update] | semmle.label | ptr [post update] |
+| tests2.cpp:109:3:109:36 | Store | semmle.label | Store |
+| tests2.cpp:109:6:109:8 | c1 indirection [post update] [ptr] | semmle.label | c1 indirection [post update] [ptr] |
 | tests2.cpp:109:12:109:17 | call to getenv | semmle.label | call to getenv |
-| tests2.cpp:111:14:111:15 | c1 [read] [ptr] | semmle.label | c1 [read] [ptr] |
-| tests2.cpp:111:14:111:19 | (const char *)... | semmle.label | (const char *)... |
+| tests2.cpp:111:14:111:15 | c1 indirection [ptr] | semmle.label | c1 indirection [ptr] |
+| tests2.cpp:111:14:111:19 | ptr | semmle.label | ptr |
+| tests2.cpp:111:17:111:19 | ptr | semmle.label | ptr |
+| tests2.cpp:111:17:111:19 | ptr | semmle.label | ptr |
 | tests_sockets.cpp:26:15:26:20 | call to getenv | semmle.label | call to getenv |
-| tests_sockets.cpp:39:19:39:22 | (const void *)... | semmle.label | (const void *)... |
 | tests_sockets.cpp:39:19:39:22 | path | semmle.label | path |
-| tests_sockets.cpp:43:20:43:23 | (const void *)... | semmle.label | (const void *)... |
+| tests_sockets.cpp:39:19:39:22 | path | semmle.label | path |
+| tests_sockets.cpp:43:20:43:23 | path | semmle.label | path |
 | tests_sockets.cpp:43:20:43:23 | path | semmle.label | path |
 | tests_sockets.cpp:63:15:63:20 | call to getenv | semmle.label | call to getenv |
-| tests_sockets.cpp:76:19:76:22 | (const void *)... | semmle.label | (const void *)... |
 | tests_sockets.cpp:76:19:76:22 | path | semmle.label | path |
-| tests_sockets.cpp:80:20:80:23 | (const void *)... | semmle.label | (const void *)... |
+| tests_sockets.cpp:76:19:76:22 | path | semmle.label | path |
+| tests_sockets.cpp:80:20:80:23 | path | semmle.label | path |
 | tests_sockets.cpp:80:20:80:23 | path | semmle.label | path |
 | tests_sysconf.cpp:36:21:36:27 | confstr output argument | semmle.label | confstr output argument |
-| tests_sysconf.cpp:39:19:39:25 | (const void *)... | semmle.label | (const void *)... |
+| tests_sysconf.cpp:39:19:39:25 | pathbuf | semmle.label | pathbuf |
 | tests_sysconf.cpp:39:19:39:25 | pathbuf | semmle.label | pathbuf |
 subpaths
 #select
@@ -79,12 +81,12 @@ subpaths
 | tests2.cpp:65:13:65:18 | call to getenv | tests2.cpp:65:13:65:18 | call to getenv | tests2.cpp:65:13:65:18 | call to getenv | This operation exposes system data from $@. | tests2.cpp:65:13:65:18 | call to getenv | call to getenv |
 | tests2.cpp:66:13:66:18 | call to getenv | tests2.cpp:66:13:66:18 | call to getenv | tests2.cpp:66:13:66:18 | call to getenv | This operation exposes system data from $@. | tests2.cpp:66:13:66:18 | call to getenv | call to getenv |
 | tests2.cpp:80:14:80:34 | call to mysql_get_client_info | tests2.cpp:80:14:80:34 | call to mysql_get_client_info | tests2.cpp:80:14:80:34 | call to mysql_get_client_info | This operation exposes system data from $@. | tests2.cpp:80:14:80:34 | call to mysql_get_client_info | call to mysql_get_client_info |
-| tests2.cpp:80:14:80:34 | call to mysql_get_client_info | tests2.cpp:80:14:80:34 | call to mysql_get_client_info | tests2.cpp:80:14:80:34 | call to mysql_get_client_info | This operation exposes system data from $@. | tests2.cpp:80:14:80:34 | call to mysql_get_client_info | call to mysql_get_client_info |
-| tests2.cpp:81:14:81:19 | (const char *)... | tests2.cpp:78:18:78:38 | call to mysql_get_client_info | tests2.cpp:81:14:81:19 | (const char *)... | This operation exposes system data from $@. | tests2.cpp:78:18:78:38 | call to mysql_get_client_info | call to mysql_get_client_info |
+| tests2.cpp:81:14:81:19 | array to pointer conversion | tests2.cpp:78:18:78:38 | call to mysql_get_client_info | tests2.cpp:81:14:81:19 | array to pointer conversion | This operation exposes system data from $@. | tests2.cpp:78:18:78:38 | call to mysql_get_client_info | call to mysql_get_client_info |
+| tests2.cpp:81:14:81:19 | buffer | tests2.cpp:78:18:78:38 | call to mysql_get_client_info | tests2.cpp:81:14:81:19 | buffer | This operation exposes system data from $@. | tests2.cpp:78:18:78:38 | call to mysql_get_client_info | call to mysql_get_client_info |
 | tests2.cpp:82:14:82:20 | global1 | tests2.cpp:50:23:50:43 | call to mysql_get_client_info | tests2.cpp:82:14:82:20 | global1 | This operation exposes system data from $@. | tests2.cpp:50:23:50:43 | call to mysql_get_client_info | call to mysql_get_client_info |
 | tests2.cpp:93:14:93:17 | str1 | tests2.cpp:91:42:91:45 | str1 | tests2.cpp:93:14:93:17 | str1 | This operation exposes system data from $@. | tests2.cpp:91:42:91:45 | str1 | str1 |
 | tests2.cpp:102:14:102:15 | pw | tests2.cpp:101:8:101:15 | call to getpwuid | tests2.cpp:102:14:102:15 | pw | This operation exposes system data from $@. | tests2.cpp:101:8:101:15 | call to getpwuid | call to getpwuid |
-| tests2.cpp:111:14:111:19 | (const char *)... | tests2.cpp:109:12:109:17 | call to getenv | tests2.cpp:111:14:111:19 | (const char *)... | This operation exposes system data from $@. | tests2.cpp:109:12:109:17 | call to getenv | call to getenv |
+| tests2.cpp:111:17:111:19 | ptr | tests2.cpp:109:12:109:17 | call to getenv | tests2.cpp:111:17:111:19 | ptr | This operation exposes system data from $@. | tests2.cpp:109:12:109:17 | call to getenv | call to getenv |
 | tests_sockets.cpp:39:19:39:22 | path | tests_sockets.cpp:26:15:26:20 | call to getenv | tests_sockets.cpp:39:19:39:22 | path | This operation exposes system data from $@. | tests_sockets.cpp:26:15:26:20 | call to getenv | call to getenv |
 | tests_sockets.cpp:43:20:43:23 | path | tests_sockets.cpp:26:15:26:20 | call to getenv | tests_sockets.cpp:43:20:43:23 | path | This operation exposes system data from $@. | tests_sockets.cpp:26:15:26:20 | call to getenv | call to getenv |
 | tests_sockets.cpp:76:19:76:22 | path | tests_sockets.cpp:63:15:63:20 | call to getenv | tests_sockets.cpp:76:19:76:22 | path | This operation exposes system data from $@. | tests_sockets.cpp:63:15:63:20 | call to getenv | call to getenv |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/PotentiallyExposedSystemData.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-497/semmle/tests/PotentiallyExposedSystemData.expected
@@ -1,126 +1,107 @@
 edges
-| tests.cpp:48:15:48:20 | call to getenv | tests.cpp:48:15:48:36 | (const char *)... |
-| tests.cpp:49:15:49:20 | call to getenv | tests.cpp:49:15:49:36 | (const char *)... |
-| tests.cpp:50:15:50:20 | call to getenv | tests.cpp:50:15:50:36 | (const char *)... |
-| tests.cpp:57:18:57:23 | call to getenv | tests.cpp:57:18:57:39 | (const char_type *)... |
-| tests.cpp:58:41:58:46 | call to getenv | tests.cpp:58:41:58:62 | (const char_type *)... |
-| tests.cpp:59:43:59:48 | call to getenv | tests.cpp:59:43:59:64 | (const char *)... |
-| tests.cpp:62:7:62:18 | global_token | tests.cpp:69:17:69:28 | global_token |
-| tests.cpp:62:7:62:18 | global_token | tests.cpp:71:27:71:38 | global_token |
-| tests.cpp:62:7:62:18 | global_token | tests.cpp:71:27:71:38 | global_token |
+| tests.cpp:48:15:48:20 | call to getenv | tests.cpp:48:15:48:36 | call to getenv |
+| tests.cpp:49:15:49:20 | call to getenv | tests.cpp:49:15:49:36 | call to getenv |
+| tests.cpp:50:15:50:20 | call to getenv | tests.cpp:50:15:50:36 | call to getenv |
+| tests.cpp:57:18:57:23 | call to getenv | tests.cpp:57:18:57:39 | call to getenv |
+| tests.cpp:58:41:58:46 | call to getenv | tests.cpp:58:41:58:62 | call to getenv |
+| tests.cpp:59:43:59:48 | call to getenv | tests.cpp:59:43:59:64 | call to getenv |
+| tests.cpp:62:7:62:18 | global_token | tests.cpp:69:17:69:28 | Load |
+| tests.cpp:62:7:62:18 | global_token | tests.cpp:71:27:71:38 | Load |
 | tests.cpp:62:22:62:27 | Store | tests.cpp:62:7:62:18 | global_token |
 | tests.cpp:62:22:62:27 | call to getenv | tests.cpp:62:22:62:27 | Store |
-| tests.cpp:69:17:69:28 | global_token | tests.cpp:73:27:73:31 | maybe |
-| tests.cpp:71:27:71:38 | global_token | tests.cpp:71:27:71:38 | global_token |
-| tests.cpp:71:27:71:38 | global_token | tests.cpp:71:27:71:38 | global_token |
-| tests.cpp:86:29:86:31 | *msg | tests.cpp:88:15:88:17 | msg |
+| tests.cpp:69:17:69:28 | Load | tests.cpp:73:27:73:31 | maybe |
+| tests.cpp:71:27:71:38 | Load | tests.cpp:71:27:71:38 | global_token |
 | tests.cpp:86:29:86:31 | msg | tests.cpp:88:15:88:17 | msg |
-| tests.cpp:97:13:97:18 | call to getenv | tests.cpp:97:13:97:34 | (const char *)... |
 | tests.cpp:97:13:97:18 | call to getenv | tests.cpp:97:13:97:34 | call to getenv |
-| tests.cpp:97:13:97:18 | call to getenv | tests.cpp:97:13:97:34 | call to getenv indirection |
+| tests.cpp:97:13:97:18 | call to getenv | tests.cpp:97:13:97:34 | call to getenv |
 | tests.cpp:97:13:97:34 | call to getenv | tests.cpp:86:29:86:31 | msg |
-| tests.cpp:97:13:97:34 | call to getenv indirection | tests.cpp:86:29:86:31 | *msg |
-| tests.cpp:107:30:107:32 | *msg | tests.cpp:111:15:111:17 | tmp |
 | tests.cpp:107:30:107:32 | msg | tests.cpp:111:15:111:17 | tmp |
-| tests.cpp:114:30:114:32 | *msg | tests.cpp:119:7:119:12 | (const char *)... |
-| tests.cpp:114:30:114:32 | msg | tests.cpp:119:7:119:12 | (const char *)... |
-| tests.cpp:122:30:122:32 | *msg | tests.cpp:124:15:124:17 | msg |
+| tests.cpp:114:30:114:32 | msg | tests.cpp:119:7:119:12 | array to pointer conversion |
+| tests.cpp:114:30:114:32 | msg | tests.cpp:119:7:119:12 | buffer |
 | tests.cpp:122:30:122:32 | msg | tests.cpp:124:15:124:17 | msg |
 | tests.cpp:131:14:131:19 | call to getenv | tests.cpp:131:14:131:35 | call to getenv |
-| tests.cpp:131:14:131:19 | call to getenv | tests.cpp:131:14:131:35 | call to getenv indirection |
 | tests.cpp:131:14:131:35 | call to getenv | tests.cpp:107:30:107:32 | msg |
-| tests.cpp:131:14:131:35 | call to getenv indirection | tests.cpp:107:30:107:32 | *msg |
 | tests.cpp:132:14:132:19 | call to getenv | tests.cpp:132:14:132:35 | call to getenv |
-| tests.cpp:132:14:132:19 | call to getenv | tests.cpp:132:14:132:35 | call to getenv indirection |
 | tests.cpp:132:14:132:35 | call to getenv | tests.cpp:114:30:114:32 | msg |
-| tests.cpp:132:14:132:35 | call to getenv indirection | tests.cpp:114:30:114:32 | *msg |
-| tests.cpp:133:14:133:19 | call to getenv | tests.cpp:133:14:133:35 | (const char *)... |
 | tests.cpp:133:14:133:19 | call to getenv | tests.cpp:133:14:133:35 | call to getenv |
-| tests.cpp:133:14:133:19 | call to getenv | tests.cpp:133:14:133:35 | call to getenv indirection |
+| tests.cpp:133:14:133:19 | call to getenv | tests.cpp:133:14:133:35 | call to getenv |
 | tests.cpp:133:14:133:35 | call to getenv | tests.cpp:122:30:122:32 | msg |
-| tests.cpp:133:14:133:35 | call to getenv indirection | tests.cpp:122:30:122:32 | *msg |
 | tests_passwd.cpp:16:8:16:15 | call to getpwnam | tests_passwd.cpp:18:29:18:31 | pwd |
 | tests_passwd.cpp:16:8:16:15 | call to getpwnam | tests_passwd.cpp:19:26:19:28 | pwd |
 nodes
 | tests.cpp:48:15:48:20 | call to getenv | semmle.label | call to getenv |
 | tests.cpp:48:15:48:20 | call to getenv | semmle.label | call to getenv |
-| tests.cpp:48:15:48:36 | (const char *)... | semmle.label | (const char *)... |
+| tests.cpp:48:15:48:36 | call to getenv | semmle.label | call to getenv |
 | tests.cpp:49:15:49:20 | call to getenv | semmle.label | call to getenv |
 | tests.cpp:49:15:49:20 | call to getenv | semmle.label | call to getenv |
-| tests.cpp:49:15:49:36 | (const char *)... | semmle.label | (const char *)... |
+| tests.cpp:49:15:49:36 | call to getenv | semmle.label | call to getenv |
 | tests.cpp:50:15:50:20 | call to getenv | semmle.label | call to getenv |
 | tests.cpp:50:15:50:20 | call to getenv | semmle.label | call to getenv |
-| tests.cpp:50:15:50:36 | (const char *)... | semmle.label | (const char *)... |
+| tests.cpp:50:15:50:36 | call to getenv | semmle.label | call to getenv |
 | tests.cpp:57:18:57:23 | call to getenv | semmle.label | call to getenv |
 | tests.cpp:57:18:57:23 | call to getenv | semmle.label | call to getenv |
-| tests.cpp:57:18:57:39 | (const char_type *)... | semmle.label | (const char_type *)... |
+| tests.cpp:57:18:57:39 | call to getenv | semmle.label | call to getenv |
 | tests.cpp:58:41:58:46 | call to getenv | semmle.label | call to getenv |
 | tests.cpp:58:41:58:46 | call to getenv | semmle.label | call to getenv |
-| tests.cpp:58:41:58:62 | (const char_type *)... | semmle.label | (const char_type *)... |
+| tests.cpp:58:41:58:62 | call to getenv | semmle.label | call to getenv |
 | tests.cpp:59:43:59:48 | call to getenv | semmle.label | call to getenv |
 | tests.cpp:59:43:59:48 | call to getenv | semmle.label | call to getenv |
-| tests.cpp:59:43:59:64 | (const char *)... | semmle.label | (const char *)... |
+| tests.cpp:59:43:59:64 | call to getenv | semmle.label | call to getenv |
 | tests.cpp:62:7:62:18 | global_token | semmle.label | global_token |
 | tests.cpp:62:22:62:27 | Store | semmle.label | Store |
 | tests.cpp:62:22:62:27 | call to getenv | semmle.label | call to getenv |
-| tests.cpp:69:17:69:28 | global_token | semmle.label | global_token |
-| tests.cpp:71:27:71:38 | global_token | semmle.label | global_token |
+| tests.cpp:69:17:69:28 | Load | semmle.label | Load |
+| tests.cpp:71:27:71:38 | Load | semmle.label | Load |
 | tests.cpp:71:27:71:38 | global_token | semmle.label | global_token |
 | tests.cpp:73:27:73:31 | maybe | semmle.label | maybe |
-| tests.cpp:86:29:86:31 | *msg | semmle.label | *msg |
 | tests.cpp:86:29:86:31 | msg | semmle.label | msg |
 | tests.cpp:88:15:88:17 | msg | semmle.label | msg |
 | tests.cpp:97:13:97:18 | call to getenv | semmle.label | call to getenv |
 | tests.cpp:97:13:97:18 | call to getenv | semmle.label | call to getenv |
-| tests.cpp:97:13:97:34 | (const char *)... | semmle.label | (const char *)... |
 | tests.cpp:97:13:97:34 | call to getenv | semmle.label | call to getenv |
-| tests.cpp:97:13:97:34 | call to getenv indirection | semmle.label | call to getenv indirection |
-| tests.cpp:107:30:107:32 | *msg | semmle.label | *msg |
+| tests.cpp:97:13:97:34 | call to getenv | semmle.label | call to getenv |
 | tests.cpp:107:30:107:32 | msg | semmle.label | msg |
 | tests.cpp:111:15:111:17 | tmp | semmle.label | tmp |
-| tests.cpp:114:30:114:32 | *msg | semmle.label | *msg |
 | tests.cpp:114:30:114:32 | msg | semmle.label | msg |
-| tests.cpp:119:7:119:12 | (const char *)... | semmle.label | (const char *)... |
-| tests.cpp:122:30:122:32 | *msg | semmle.label | *msg |
+| tests.cpp:119:7:119:12 | array to pointer conversion | semmle.label | array to pointer conversion |
+| tests.cpp:119:7:119:12 | buffer | semmle.label | buffer |
 | tests.cpp:122:30:122:32 | msg | semmle.label | msg |
 | tests.cpp:124:15:124:17 | msg | semmle.label | msg |
 | tests.cpp:131:14:131:19 | call to getenv | semmle.label | call to getenv |
 | tests.cpp:131:14:131:35 | call to getenv | semmle.label | call to getenv |
-| tests.cpp:131:14:131:35 | call to getenv indirection | semmle.label | call to getenv indirection |
 | tests.cpp:132:14:132:19 | call to getenv | semmle.label | call to getenv |
 | tests.cpp:132:14:132:35 | call to getenv | semmle.label | call to getenv |
-| tests.cpp:132:14:132:35 | call to getenv indirection | semmle.label | call to getenv indirection |
 | tests.cpp:133:14:133:19 | call to getenv | semmle.label | call to getenv |
 | tests.cpp:133:14:133:19 | call to getenv | semmle.label | call to getenv |
-| tests.cpp:133:14:133:35 | (const char *)... | semmle.label | (const char *)... |
 | tests.cpp:133:14:133:35 | call to getenv | semmle.label | call to getenv |
-| tests.cpp:133:14:133:35 | call to getenv indirection | semmle.label | call to getenv indirection |
+| tests.cpp:133:14:133:35 | call to getenv | semmle.label | call to getenv |
 | tests_passwd.cpp:16:8:16:15 | call to getpwnam | semmle.label | call to getpwnam |
 | tests_passwd.cpp:18:29:18:31 | pwd | semmle.label | pwd |
 | tests_passwd.cpp:19:26:19:28 | pwd | semmle.label | pwd |
 subpaths
 #select
 | tests.cpp:48:15:48:20 | call to getenv | tests.cpp:48:15:48:20 | call to getenv | tests.cpp:48:15:48:20 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:48:15:48:20 | call to getenv | call to getenv |
-| tests.cpp:48:15:48:36 | (const char *)... | tests.cpp:48:15:48:20 | call to getenv | tests.cpp:48:15:48:36 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:48:15:48:20 | call to getenv | call to getenv |
+| tests.cpp:48:15:48:36 | call to getenv | tests.cpp:48:15:48:20 | call to getenv | tests.cpp:48:15:48:36 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:48:15:48:20 | call to getenv | call to getenv |
 | tests.cpp:49:15:49:20 | call to getenv | tests.cpp:49:15:49:20 | call to getenv | tests.cpp:49:15:49:20 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:49:15:49:20 | call to getenv | call to getenv |
-| tests.cpp:49:15:49:36 | (const char *)... | tests.cpp:49:15:49:20 | call to getenv | tests.cpp:49:15:49:36 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:49:15:49:20 | call to getenv | call to getenv |
+| tests.cpp:49:15:49:36 | call to getenv | tests.cpp:49:15:49:20 | call to getenv | tests.cpp:49:15:49:36 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:49:15:49:20 | call to getenv | call to getenv |
 | tests.cpp:50:15:50:20 | call to getenv | tests.cpp:50:15:50:20 | call to getenv | tests.cpp:50:15:50:20 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:50:15:50:20 | call to getenv | call to getenv |
-| tests.cpp:50:15:50:36 | (const char *)... | tests.cpp:50:15:50:20 | call to getenv | tests.cpp:50:15:50:36 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:50:15:50:20 | call to getenv | call to getenv |
+| tests.cpp:50:15:50:36 | call to getenv | tests.cpp:50:15:50:20 | call to getenv | tests.cpp:50:15:50:36 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:50:15:50:20 | call to getenv | call to getenv |
 | tests.cpp:57:18:57:23 | call to getenv | tests.cpp:57:18:57:23 | call to getenv | tests.cpp:57:18:57:23 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:57:18:57:23 | call to getenv | call to getenv |
-| tests.cpp:57:18:57:39 | (const char_type *)... | tests.cpp:57:18:57:23 | call to getenv | tests.cpp:57:18:57:39 | (const char_type *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:57:18:57:23 | call to getenv | call to getenv |
+| tests.cpp:57:18:57:39 | call to getenv | tests.cpp:57:18:57:23 | call to getenv | tests.cpp:57:18:57:39 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:57:18:57:23 | call to getenv | call to getenv |
 | tests.cpp:58:41:58:46 | call to getenv | tests.cpp:58:41:58:46 | call to getenv | tests.cpp:58:41:58:46 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:58:41:58:46 | call to getenv | call to getenv |
-| tests.cpp:58:41:58:62 | (const char_type *)... | tests.cpp:58:41:58:46 | call to getenv | tests.cpp:58:41:58:62 | (const char_type *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:58:41:58:46 | call to getenv | call to getenv |
+| tests.cpp:58:41:58:62 | call to getenv | tests.cpp:58:41:58:46 | call to getenv | tests.cpp:58:41:58:62 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:58:41:58:46 | call to getenv | call to getenv |
 | tests.cpp:59:43:59:48 | call to getenv | tests.cpp:59:43:59:48 | call to getenv | tests.cpp:59:43:59:48 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:59:43:59:48 | call to getenv | call to getenv |
-| tests.cpp:59:43:59:64 | (const char *)... | tests.cpp:59:43:59:48 | call to getenv | tests.cpp:59:43:59:64 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:59:43:59:48 | call to getenv | call to getenv |
+| tests.cpp:59:43:59:64 | call to getenv | tests.cpp:59:43:59:48 | call to getenv | tests.cpp:59:43:59:64 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:59:43:59:48 | call to getenv | call to getenv |
 | tests.cpp:71:27:71:38 | global_token | tests.cpp:62:22:62:27 | call to getenv | tests.cpp:71:27:71:38 | global_token | This operation potentially exposes sensitive system data from $@. | tests.cpp:62:22:62:27 | call to getenv | call to getenv |
 | tests.cpp:73:27:73:31 | maybe | tests.cpp:62:22:62:27 | call to getenv | tests.cpp:73:27:73:31 | maybe | This operation potentially exposes sensitive system data from $@. | tests.cpp:62:22:62:27 | call to getenv | call to getenv |
 | tests.cpp:88:15:88:17 | msg | tests.cpp:97:13:97:18 | call to getenv | tests.cpp:88:15:88:17 | msg | This operation potentially exposes sensitive system data from $@. | tests.cpp:97:13:97:18 | call to getenv | call to getenv |
 | tests.cpp:97:13:97:18 | call to getenv | tests.cpp:97:13:97:18 | call to getenv | tests.cpp:97:13:97:18 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:97:13:97:18 | call to getenv | call to getenv |
-| tests.cpp:97:13:97:34 | (const char *)... | tests.cpp:97:13:97:18 | call to getenv | tests.cpp:97:13:97:34 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:97:13:97:18 | call to getenv | call to getenv |
+| tests.cpp:97:13:97:34 | call to getenv | tests.cpp:97:13:97:18 | call to getenv | tests.cpp:97:13:97:34 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:97:13:97:18 | call to getenv | call to getenv |
 | tests.cpp:111:15:111:17 | tmp | tests.cpp:131:14:131:19 | call to getenv | tests.cpp:111:15:111:17 | tmp | This operation potentially exposes sensitive system data from $@. | tests.cpp:131:14:131:19 | call to getenv | call to getenv |
-| tests.cpp:119:7:119:12 | (const char *)... | tests.cpp:132:14:132:19 | call to getenv | tests.cpp:119:7:119:12 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:132:14:132:19 | call to getenv | call to getenv |
+| tests.cpp:119:7:119:12 | array to pointer conversion | tests.cpp:132:14:132:19 | call to getenv | tests.cpp:119:7:119:12 | array to pointer conversion | This operation potentially exposes sensitive system data from $@. | tests.cpp:132:14:132:19 | call to getenv | call to getenv |
+| tests.cpp:119:7:119:12 | buffer | tests.cpp:132:14:132:19 | call to getenv | tests.cpp:119:7:119:12 | buffer | This operation potentially exposes sensitive system data from $@. | tests.cpp:132:14:132:19 | call to getenv | call to getenv |
 | tests.cpp:124:15:124:17 | msg | tests.cpp:133:14:133:19 | call to getenv | tests.cpp:124:15:124:17 | msg | This operation potentially exposes sensitive system data from $@. | tests.cpp:133:14:133:19 | call to getenv | call to getenv |
 | tests.cpp:133:14:133:19 | call to getenv | tests.cpp:133:14:133:19 | call to getenv | tests.cpp:133:14:133:19 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:133:14:133:19 | call to getenv | call to getenv |
-| tests.cpp:133:14:133:35 | (const char *)... | tests.cpp:133:14:133:19 | call to getenv | tests.cpp:133:14:133:35 | (const char *)... | This operation potentially exposes sensitive system data from $@. | tests.cpp:133:14:133:19 | call to getenv | call to getenv |
+| tests.cpp:133:14:133:35 | call to getenv | tests.cpp:133:14:133:19 | call to getenv | tests.cpp:133:14:133:35 | call to getenv | This operation potentially exposes sensitive system data from $@. | tests.cpp:133:14:133:19 | call to getenv | call to getenv |
 | tests_passwd.cpp:18:29:18:31 | pwd | tests_passwd.cpp:16:8:16:15 | call to getpwnam | tests_passwd.cpp:18:29:18:31 | pwd | This operation potentially exposes sensitive system data from $@. | tests_passwd.cpp:16:8:16:15 | call to getpwnam | call to getpwnam |
 | tests_passwd.cpp:19:26:19:28 | pwd | tests_passwd.cpp:16:8:16:15 | call to getpwnam | tests_passwd.cpp:19:26:19:28 | pwd | This operation potentially exposes sensitive system data from $@. | tests_passwd.cpp:16:8:16:15 | call to getpwnam | call to getpwnam |
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-611/XXE.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-611/XXE.expected
@@ -1,101 +1,34 @@
 edges
-| tests2.cpp:20:17:20:31 | SAXParser output argument | tests2.cpp:22:2:22:2 | p |
-| tests2.cpp:33:17:33:31 | SAXParser output argument | tests2.cpp:37:2:37:2 | p |
 | tests3.cpp:23:21:23:53 | call to createXMLReader | tests3.cpp:25:2:25:2 | p |
-| tests3.cpp:35:16:35:20 | p_3_3 | tests3.cpp:38:2:38:6 | p_3_3 |
-| tests3.cpp:35:24:35:56 | Store | tests3.cpp:35:16:35:20 | p_3_3 |
-| tests3.cpp:35:24:35:56 | call to createXMLReader | tests3.cpp:35:24:35:56 | Store |
-| tests3.cpp:41:16:41:20 | p_3_4 | tests3.cpp:45:2:45:6 | p_3_4 |
-| tests3.cpp:41:24:41:56 | Store | tests3.cpp:41:16:41:20 | p_3_4 |
-| tests3.cpp:41:24:41:56 | call to createXMLReader | tests3.cpp:41:24:41:56 | Store |
-| tests3.cpp:48:16:48:20 | p_3_5 | tests3.cpp:56:2:56:6 | p_3_5 |
-| tests3.cpp:48:24:48:56 | Store | tests3.cpp:48:16:48:20 | p_3_5 |
-| tests3.cpp:48:24:48:56 | call to createXMLReader | tests3.cpp:48:24:48:56 | Store |
 | tests3.cpp:60:21:60:53 | call to createXMLReader | tests3.cpp:63:2:63:2 | p |
 | tests3.cpp:67:21:67:53 | call to createXMLReader | tests3.cpp:70:2:70:2 | p |
 | tests5.cpp:27:25:27:38 | call to createLSParser | tests5.cpp:29:2:29:2 | p |
 | tests5.cpp:40:25:40:38 | call to createLSParser | tests5.cpp:43:2:43:2 | p |
 | tests5.cpp:55:25:55:38 | call to createLSParser | tests5.cpp:59:2:59:2 | p |
-| tests5.cpp:63:14:63:17 | g_p1 | tests5.cpp:76:2:76:5 | g_p1 |
-| tests5.cpp:63:21:63:24 | g_p2 | tests5.cpp:77:2:77:5 | g_p2 |
-| tests5.cpp:67:2:67:32 | Store | tests5.cpp:63:14:63:17 | g_p1 |
-| tests5.cpp:67:17:67:30 | call to createLSParser | tests5.cpp:67:2:67:32 | Store |
-| tests5.cpp:70:2:70:32 | Store | tests5.cpp:63:21:63:24 | g_p2 |
-| tests5.cpp:70:17:70:30 | call to createLSParser | tests5.cpp:70:2:70:32 | Store |
 | tests5.cpp:81:25:81:38 | call to createLSParser | tests5.cpp:83:2:83:2 | p |
 | tests5.cpp:81:25:81:38 | call to createLSParser | tests5.cpp:83:2:83:2 | p |
 | tests5.cpp:83:2:83:2 | p | tests5.cpp:85:2:85:2 | p |
 | tests5.cpp:85:2:85:2 | p | tests5.cpp:86:2:86:2 | p |
 | tests5.cpp:86:2:86:2 | p | tests5.cpp:88:2:88:2 | p |
 | tests5.cpp:88:2:88:2 | p | tests5.cpp:89:2:89:2 | p |
-| tests.cpp:15:23:15:43 | XercesDOMParser output argument | tests.cpp:17:2:17:2 | p |
-| tests.cpp:28:23:28:43 | XercesDOMParser output argument | tests.cpp:31:2:31:2 | p |
-| tests.cpp:35:19:35:19 | VariableAddress [post update] | tests.cpp:37:2:37:2 | p |
-| tests.cpp:35:23:35:43 | XercesDOMParser output argument | tests.cpp:35:19:35:19 | VariableAddress [post update] |
-| tests.cpp:37:2:37:2 | p | tests.cpp:38:2:38:2 | p |
-| tests.cpp:38:2:38:2 | p | tests.cpp:39:2:39:2 | p |
-| tests.cpp:51:19:51:19 | VariableAddress [post update] | tests.cpp:53:2:53:2 | p |
-| tests.cpp:51:23:51:43 | XercesDOMParser output argument | tests.cpp:51:19:51:19 | VariableAddress [post update] |
-| tests.cpp:53:2:53:2 | p | tests.cpp:54:2:54:2 | p |
-| tests.cpp:54:2:54:2 | p | tests.cpp:55:2:55:2 | p |
-| tests.cpp:55:2:55:2 | p | tests.cpp:56:2:56:2 | p |
-| tests.cpp:55:2:55:2 | p | tests.cpp:56:2:56:2 | p |
-| tests.cpp:56:2:56:2 | p | tests.cpp:57:2:57:2 | p |
-| tests.cpp:57:2:57:2 | p | tests.cpp:58:2:58:2 | p |
-| tests.cpp:58:2:58:2 | p | tests.cpp:59:2:59:2 | p |
-| tests.cpp:59:2:59:2 | p | tests.cpp:60:2:60:2 | p |
-| tests.cpp:66:23:66:43 | XercesDOMParser output argument | tests.cpp:69:2:69:2 | p |
-| tests.cpp:73:23:73:43 | XercesDOMParser output argument | tests.cpp:80:2:80:2 | p |
-| tests.cpp:85:24:85:44 | XercesDOMParser output argument | tests.cpp:88:3:88:3 | q |
-| tests.cpp:100:24:100:44 | XercesDOMParser output argument | tests.cpp:104:3:104:3 | q |
-| tests.cpp:112:39:112:39 | p | tests.cpp:113:2:113:2 | p |
-| tests.cpp:116:39:116:39 | p | tests.cpp:117:2:117:2 | p |
-| tests.cpp:122:23:122:43 | XercesDOMParser output argument | tests.cpp:126:18:126:18 | q |
-| tests.cpp:122:23:122:43 | XercesDOMParser output argument | tests.cpp:128:18:128:18 | q |
-| tests.cpp:126:18:126:18 | q | tests.cpp:112:39:112:39 | p |
-| tests.cpp:128:18:128:18 | q | tests.cpp:116:39:116:39 | p |
 nodes
-| tests2.cpp:20:17:20:31 | SAXParser output argument | semmle.label | SAXParser output argument |
-| tests2.cpp:22:2:22:2 | p | semmle.label | p |
-| tests2.cpp:33:17:33:31 | SAXParser output argument | semmle.label | SAXParser output argument |
-| tests2.cpp:37:2:37:2 | p | semmle.label | p |
 | tests3.cpp:23:21:23:53 | call to createXMLReader | semmle.label | call to createXMLReader |
 | tests3.cpp:25:2:25:2 | p | semmle.label | p |
-| tests3.cpp:35:16:35:20 | p_3_3 | semmle.label | p_3_3 |
-| tests3.cpp:35:24:35:56 | Store | semmle.label | Store |
-| tests3.cpp:35:24:35:56 | call to createXMLReader | semmle.label | call to createXMLReader |
-| tests3.cpp:38:2:38:6 | p_3_3 | semmle.label | p_3_3 |
-| tests3.cpp:41:16:41:20 | p_3_4 | semmle.label | p_3_4 |
-| tests3.cpp:41:24:41:56 | Store | semmle.label | Store |
-| tests3.cpp:41:24:41:56 | call to createXMLReader | semmle.label | call to createXMLReader |
-| tests3.cpp:45:2:45:6 | p_3_4 | semmle.label | p_3_4 |
-| tests3.cpp:48:16:48:20 | p_3_5 | semmle.label | p_3_5 |
-| tests3.cpp:48:24:48:56 | Store | semmle.label | Store |
-| tests3.cpp:48:24:48:56 | call to createXMLReader | semmle.label | call to createXMLReader |
-| tests3.cpp:56:2:56:6 | p_3_5 | semmle.label | p_3_5 |
 | tests3.cpp:60:21:60:53 | call to createXMLReader | semmle.label | call to createXMLReader |
 | tests3.cpp:63:2:63:2 | p | semmle.label | p |
 | tests3.cpp:67:21:67:53 | call to createXMLReader | semmle.label | call to createXMLReader |
 | tests3.cpp:70:2:70:2 | p | semmle.label | p |
-| tests4.cpp:26:34:26:48 | (int)... | semmle.label | (int)... |
-| tests4.cpp:36:34:36:50 | (int)... | semmle.label | (int)... |
+| tests4.cpp:26:34:26:48 | XML_PARSE_NOENT | semmle.label | XML_PARSE_NOENT |
+| tests4.cpp:36:34:36:50 | XML_PARSE_DTDLOAD | semmle.label | XML_PARSE_DTDLOAD |
 | tests4.cpp:46:34:46:68 | ... \| ... | semmle.label | ... \| ... |
 | tests4.cpp:77:34:77:38 | flags | semmle.label | flags |
-| tests4.cpp:130:39:130:55 | (int)... | semmle.label | (int)... |
+| tests4.cpp:130:39:130:55 | XML_PARSE_DTDLOAD | semmle.label | XML_PARSE_DTDLOAD |
 | tests5.cpp:27:25:27:38 | call to createLSParser | semmle.label | call to createLSParser |
 | tests5.cpp:29:2:29:2 | p | semmle.label | p |
 | tests5.cpp:40:25:40:38 | call to createLSParser | semmle.label | call to createLSParser |
 | tests5.cpp:43:2:43:2 | p | semmle.label | p |
 | tests5.cpp:55:25:55:38 | call to createLSParser | semmle.label | call to createLSParser |
 | tests5.cpp:59:2:59:2 | p | semmle.label | p |
-| tests5.cpp:63:14:63:17 | g_p1 | semmle.label | g_p1 |
-| tests5.cpp:63:21:63:24 | g_p2 | semmle.label | g_p2 |
-| tests5.cpp:67:2:67:32 | Store | semmle.label | Store |
-| tests5.cpp:67:17:67:30 | call to createLSParser | semmle.label | call to createLSParser |
-| tests5.cpp:70:2:70:32 | Store | semmle.label | Store |
-| tests5.cpp:70:17:70:30 | call to createLSParser | semmle.label | call to createLSParser |
-| tests5.cpp:76:2:76:5 | g_p1 | semmle.label | g_p1 |
-| tests5.cpp:77:2:77:5 | g_p2 | semmle.label | g_p2 |
 | tests5.cpp:81:25:81:38 | call to createLSParser | semmle.label | call to createLSParser |
 | tests5.cpp:83:2:83:2 | p | semmle.label | p |
 | tests5.cpp:83:2:83:2 | p | semmle.label | p |
@@ -103,71 +36,18 @@ nodes
 | tests5.cpp:86:2:86:2 | p | semmle.label | p |
 | tests5.cpp:88:2:88:2 | p | semmle.label | p |
 | tests5.cpp:89:2:89:2 | p | semmle.label | p |
-| tests.cpp:15:23:15:43 | XercesDOMParser output argument | semmle.label | XercesDOMParser output argument |
-| tests.cpp:17:2:17:2 | p | semmle.label | p |
-| tests.cpp:28:23:28:43 | XercesDOMParser output argument | semmle.label | XercesDOMParser output argument |
-| tests.cpp:31:2:31:2 | p | semmle.label | p |
-| tests.cpp:35:19:35:19 | VariableAddress [post update] | semmle.label | VariableAddress [post update] |
-| tests.cpp:35:23:35:43 | XercesDOMParser output argument | semmle.label | XercesDOMParser output argument |
-| tests.cpp:37:2:37:2 | p | semmle.label | p |
-| tests.cpp:38:2:38:2 | p | semmle.label | p |
-| tests.cpp:39:2:39:2 | p | semmle.label | p |
-| tests.cpp:51:19:51:19 | VariableAddress [post update] | semmle.label | VariableAddress [post update] |
-| tests.cpp:51:23:51:43 | XercesDOMParser output argument | semmle.label | XercesDOMParser output argument |
-| tests.cpp:53:2:53:2 | p | semmle.label | p |
-| tests.cpp:54:2:54:2 | p | semmle.label | p |
-| tests.cpp:55:2:55:2 | p | semmle.label | p |
-| tests.cpp:56:2:56:2 | p | semmle.label | p |
-| tests.cpp:56:2:56:2 | p | semmle.label | p |
-| tests.cpp:57:2:57:2 | p | semmle.label | p |
-| tests.cpp:58:2:58:2 | p | semmle.label | p |
-| tests.cpp:59:2:59:2 | p | semmle.label | p |
-| tests.cpp:60:2:60:2 | p | semmle.label | p |
-| tests.cpp:66:23:66:43 | XercesDOMParser output argument | semmle.label | XercesDOMParser output argument |
-| tests.cpp:69:2:69:2 | p | semmle.label | p |
-| tests.cpp:73:23:73:43 | XercesDOMParser output argument | semmle.label | XercesDOMParser output argument |
-| tests.cpp:80:2:80:2 | p | semmle.label | p |
-| tests.cpp:85:24:85:44 | XercesDOMParser output argument | semmle.label | XercesDOMParser output argument |
-| tests.cpp:88:3:88:3 | q | semmle.label | q |
-| tests.cpp:100:24:100:44 | XercesDOMParser output argument | semmle.label | XercesDOMParser output argument |
-| tests.cpp:104:3:104:3 | q | semmle.label | q |
-| tests.cpp:112:39:112:39 | p | semmle.label | p |
-| tests.cpp:113:2:113:2 | p | semmle.label | p |
-| tests.cpp:116:39:116:39 | p | semmle.label | p |
-| tests.cpp:117:2:117:2 | p | semmle.label | p |
-| tests.cpp:122:23:122:43 | XercesDOMParser output argument | semmle.label | XercesDOMParser output argument |
-| tests.cpp:126:18:126:18 | q | semmle.label | q |
-| tests.cpp:128:18:128:18 | q | semmle.label | q |
 subpaths
 #select
-| tests2.cpp:22:2:22:2 | p | tests2.cpp:20:17:20:31 | SAXParser output argument | tests2.cpp:22:2:22:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests2.cpp:20:17:20:31 | SAXParser output argument | XML parser |
-| tests2.cpp:37:2:37:2 | p | tests2.cpp:33:17:33:31 | SAXParser output argument | tests2.cpp:37:2:37:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests2.cpp:33:17:33:31 | SAXParser output argument | XML parser |
 | tests3.cpp:25:2:25:2 | p | tests3.cpp:23:21:23:53 | call to createXMLReader | tests3.cpp:25:2:25:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests3.cpp:23:21:23:53 | call to createXMLReader | XML parser |
-| tests3.cpp:38:2:38:6 | p_3_3 | tests3.cpp:35:24:35:56 | call to createXMLReader | tests3.cpp:38:2:38:6 | p_3_3 | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests3.cpp:35:24:35:56 | call to createXMLReader | XML parser |
-| tests3.cpp:45:2:45:6 | p_3_4 | tests3.cpp:41:24:41:56 | call to createXMLReader | tests3.cpp:45:2:45:6 | p_3_4 | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests3.cpp:41:24:41:56 | call to createXMLReader | XML parser |
-| tests3.cpp:56:2:56:6 | p_3_5 | tests3.cpp:48:24:48:56 | call to createXMLReader | tests3.cpp:56:2:56:6 | p_3_5 | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests3.cpp:48:24:48:56 | call to createXMLReader | XML parser |
 | tests3.cpp:63:2:63:2 | p | tests3.cpp:60:21:60:53 | call to createXMLReader | tests3.cpp:63:2:63:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests3.cpp:60:21:60:53 | call to createXMLReader | XML parser |
 | tests3.cpp:70:2:70:2 | p | tests3.cpp:67:21:67:53 | call to createXMLReader | tests3.cpp:70:2:70:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests3.cpp:67:21:67:53 | call to createXMLReader | XML parser |
-| tests4.cpp:26:34:26:48 | (int)... | tests4.cpp:26:34:26:48 | (int)... | tests4.cpp:26:34:26:48 | (int)... | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests4.cpp:26:34:26:48 | (int)... | XML parser |
-| tests4.cpp:36:34:36:50 | (int)... | tests4.cpp:36:34:36:50 | (int)... | tests4.cpp:36:34:36:50 | (int)... | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests4.cpp:36:34:36:50 | (int)... | XML parser |
+| tests4.cpp:26:34:26:48 | XML_PARSE_NOENT | tests4.cpp:26:34:26:48 | XML_PARSE_NOENT | tests4.cpp:26:34:26:48 | XML_PARSE_NOENT | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests4.cpp:26:34:26:48 | XML_PARSE_NOENT | XML parser |
+| tests4.cpp:36:34:36:50 | XML_PARSE_DTDLOAD | tests4.cpp:36:34:36:50 | XML_PARSE_DTDLOAD | tests4.cpp:36:34:36:50 | XML_PARSE_DTDLOAD | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests4.cpp:36:34:36:50 | XML_PARSE_DTDLOAD | XML parser |
 | tests4.cpp:46:34:46:68 | ... \| ... | tests4.cpp:46:34:46:68 | ... \| ... | tests4.cpp:46:34:46:68 | ... \| ... | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests4.cpp:46:34:46:68 | ... \| ... | XML parser |
 | tests4.cpp:77:34:77:38 | flags | tests4.cpp:77:34:77:38 | flags | tests4.cpp:77:34:77:38 | flags | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests4.cpp:77:34:77:38 | flags | XML parser |
-| tests4.cpp:130:39:130:55 | (int)... | tests4.cpp:130:39:130:55 | (int)... | tests4.cpp:130:39:130:55 | (int)... | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests4.cpp:130:39:130:55 | (int)... | XML parser |
+| tests4.cpp:130:39:130:55 | XML_PARSE_DTDLOAD | tests4.cpp:130:39:130:55 | XML_PARSE_DTDLOAD | tests4.cpp:130:39:130:55 | XML_PARSE_DTDLOAD | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests4.cpp:130:39:130:55 | XML_PARSE_DTDLOAD | XML parser |
 | tests5.cpp:29:2:29:2 | p | tests5.cpp:27:25:27:38 | call to createLSParser | tests5.cpp:29:2:29:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests5.cpp:27:25:27:38 | call to createLSParser | XML parser |
 | tests5.cpp:43:2:43:2 | p | tests5.cpp:40:25:40:38 | call to createLSParser | tests5.cpp:43:2:43:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests5.cpp:40:25:40:38 | call to createLSParser | XML parser |
 | tests5.cpp:59:2:59:2 | p | tests5.cpp:55:25:55:38 | call to createLSParser | tests5.cpp:59:2:59:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests5.cpp:55:25:55:38 | call to createLSParser | XML parser |
-| tests5.cpp:76:2:76:5 | g_p1 | tests5.cpp:67:17:67:30 | call to createLSParser | tests5.cpp:76:2:76:5 | g_p1 | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests5.cpp:67:17:67:30 | call to createLSParser | XML parser |
-| tests5.cpp:77:2:77:5 | g_p2 | tests5.cpp:70:17:70:30 | call to createLSParser | tests5.cpp:77:2:77:5 | g_p2 | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests5.cpp:70:17:70:30 | call to createLSParser | XML parser |
 | tests5.cpp:83:2:83:2 | p | tests5.cpp:81:25:81:38 | call to createLSParser | tests5.cpp:83:2:83:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests5.cpp:81:25:81:38 | call to createLSParser | XML parser |
 | tests5.cpp:89:2:89:2 | p | tests5.cpp:81:25:81:38 | call to createLSParser | tests5.cpp:89:2:89:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests5.cpp:81:25:81:38 | call to createLSParser | XML parser |
-| tests.cpp:17:2:17:2 | p | tests.cpp:15:23:15:43 | XercesDOMParser output argument | tests.cpp:17:2:17:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests.cpp:15:23:15:43 | XercesDOMParser output argument | XML parser |
-| tests.cpp:31:2:31:2 | p | tests.cpp:28:23:28:43 | XercesDOMParser output argument | tests.cpp:31:2:31:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests.cpp:28:23:28:43 | XercesDOMParser output argument | XML parser |
-| tests.cpp:39:2:39:2 | p | tests.cpp:35:23:35:43 | XercesDOMParser output argument | tests.cpp:39:2:39:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests.cpp:35:23:35:43 | XercesDOMParser output argument | XML parser |
-| tests.cpp:56:2:56:2 | p | tests.cpp:51:23:51:43 | XercesDOMParser output argument | tests.cpp:56:2:56:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests.cpp:51:23:51:43 | XercesDOMParser output argument | XML parser |
-| tests.cpp:60:2:60:2 | p | tests.cpp:51:23:51:43 | XercesDOMParser output argument | tests.cpp:60:2:60:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests.cpp:51:23:51:43 | XercesDOMParser output argument | XML parser |
-| tests.cpp:69:2:69:2 | p | tests.cpp:66:23:66:43 | XercesDOMParser output argument | tests.cpp:69:2:69:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests.cpp:66:23:66:43 | XercesDOMParser output argument | XML parser |
-| tests.cpp:80:2:80:2 | p | tests.cpp:73:23:73:43 | XercesDOMParser output argument | tests.cpp:80:2:80:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests.cpp:73:23:73:43 | XercesDOMParser output argument | XML parser |
-| tests.cpp:88:3:88:3 | q | tests.cpp:85:24:85:44 | XercesDOMParser output argument | tests.cpp:88:3:88:3 | q | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests.cpp:85:24:85:44 | XercesDOMParser output argument | XML parser |
-| tests.cpp:104:3:104:3 | q | tests.cpp:100:24:100:44 | XercesDOMParser output argument | tests.cpp:104:3:104:3 | q | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests.cpp:100:24:100:44 | XercesDOMParser output argument | XML parser |
-| tests.cpp:113:2:113:2 | p | tests.cpp:122:23:122:43 | XercesDOMParser output argument | tests.cpp:113:2:113:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests.cpp:122:23:122:43 | XercesDOMParser output argument | XML parser |
-| tests.cpp:117:2:117:2 | p | tests.cpp:122:23:122:43 | XercesDOMParser output argument | tests.cpp:117:2:117:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests.cpp:122:23:122:43 | XercesDOMParser output argument | XML parser |