C++: Rewrite 'cpp/user-controlled-bypass' away from 'DefaultTaintTracking'.

cpp/ql/test/query-tests/Security/CWE/CWE-290/semmle/AuthenticationBypass/AuthenticationBypass.expected

@@ -1,54 +1,26 @@
 edges
-| test.cpp:16:25:16:30 | call to getenv | test.cpp:20:14:20:20 | address |
-| test.cpp:16:25:16:30 | call to getenv | test.cpp:20:14:20:20 | address |
-| test.cpp:16:25:16:42 | call to getenv | test.cpp:20:14:20:20 | address |
-| test.cpp:16:25:16:42 | call to getenv | test.cpp:20:14:20:20 | address |
-| test.cpp:27:25:27:30 | call to getenv | test.cpp:31:14:31:20 | address |
-| test.cpp:27:25:27:30 | call to getenv | test.cpp:31:14:31:20 | address |
-| test.cpp:27:25:27:42 | call to getenv | test.cpp:31:14:31:20 | address |
-| test.cpp:27:25:27:42 | call to getenv | test.cpp:31:14:31:20 | address |
-| test.cpp:38:25:38:30 | call to getenv | test.cpp:42:14:42:20 | address |
-| test.cpp:38:25:38:30 | call to getenv | test.cpp:42:14:42:20 | address |
-| test.cpp:38:25:38:42 | call to getenv | test.cpp:42:14:42:20 | address |
-| test.cpp:38:25:38:42 | call to getenv | test.cpp:42:14:42:20 | address |
-| test.cpp:49:25:49:30 | call to getenv | test.cpp:52:14:52:20 | address |
-| test.cpp:49:25:49:30 | call to getenv | test.cpp:52:14:52:20 | address |
-| test.cpp:49:25:49:30 | call to getenv | test.cpp:56:14:56:20 | address |
-| test.cpp:49:25:49:30 | call to getenv | test.cpp:56:14:56:20 | address |
-| test.cpp:49:25:49:30 | call to getenv | test.cpp:60:14:60:20 | address |
-| test.cpp:49:25:49:30 | call to getenv | test.cpp:60:14:60:20 | address |
-| test.cpp:49:25:49:42 | call to getenv | test.cpp:52:14:52:20 | address |
-| test.cpp:49:25:49:42 | call to getenv | test.cpp:52:14:52:20 | address |
-| test.cpp:49:25:49:42 | call to getenv | test.cpp:56:14:56:20 | address |
-| test.cpp:49:25:49:42 | call to getenv | test.cpp:56:14:56:20 | address |
-| test.cpp:49:25:49:42 | call to getenv | test.cpp:60:14:60:20 | address |
-| test.cpp:49:25:49:42 | call to getenv | test.cpp:60:14:60:20 | address |
-subpaths
+| test.cpp:16:25:16:42 | call to getenv indirection | test.cpp:20:14:20:20 | address indirection |
+| test.cpp:27:25:27:42 | call to getenv indirection | test.cpp:31:14:31:20 | address indirection |
+| test.cpp:38:25:38:42 | call to getenv indirection | test.cpp:42:14:42:20 | address indirection |
+| test.cpp:49:25:49:42 | call to getenv indirection | test.cpp:52:14:52:20 | address indirection |
+| test.cpp:49:25:49:42 | call to getenv indirection | test.cpp:56:14:56:20 | address indirection |
+| test.cpp:49:25:49:42 | call to getenv indirection | test.cpp:60:14:60:20 | address indirection |
 nodes
-| test.cpp:16:25:16:30 | call to getenv | semmle.label | call to getenv |
-| test.cpp:16:25:16:42 | call to getenv | semmle.label | call to getenv |
-| test.cpp:20:14:20:20 | address | semmle.label | address |
-| test.cpp:20:14:20:20 | address | semmle.label | address |
-| test.cpp:27:25:27:30 | call to getenv | semmle.label | call to getenv |
-| test.cpp:27:25:27:42 | call to getenv | semmle.label | call to getenv |
-| test.cpp:31:14:31:20 | address | semmle.label | address |
-| test.cpp:31:14:31:20 | address | semmle.label | address |
-| test.cpp:38:25:38:30 | call to getenv | semmle.label | call to getenv |
-| test.cpp:38:25:38:42 | call to getenv | semmle.label | call to getenv |
-| test.cpp:42:14:42:20 | address | semmle.label | address |
-| test.cpp:42:14:42:20 | address | semmle.label | address |
-| test.cpp:49:25:49:30 | call to getenv | semmle.label | call to getenv |
-| test.cpp:49:25:49:42 | call to getenv | semmle.label | call to getenv |
-| test.cpp:52:14:52:20 | address | semmle.label | address |
-| test.cpp:52:14:52:20 | address | semmle.label | address |
-| test.cpp:56:14:56:20 | address | semmle.label | address |
-| test.cpp:56:14:56:20 | address | semmle.label | address |
-| test.cpp:60:14:60:20 | address | semmle.label | address |
-| test.cpp:60:14:60:20 | address | semmle.label | address |
+| test.cpp:16:25:16:42 | call to getenv indirection | semmle.label | call to getenv indirection |
+| test.cpp:20:14:20:20 | address indirection | semmle.label | address indirection |
+| test.cpp:27:25:27:42 | call to getenv indirection | semmle.label | call to getenv indirection |
+| test.cpp:31:14:31:20 | address indirection | semmle.label | address indirection |
+| test.cpp:38:25:38:42 | call to getenv indirection | semmle.label | call to getenv indirection |
+| test.cpp:42:14:42:20 | address indirection | semmle.label | address indirection |
+| test.cpp:49:25:49:42 | call to getenv indirection | semmle.label | call to getenv indirection |
+| test.cpp:52:14:52:20 | address indirection | semmle.label | address indirection |
+| test.cpp:56:14:56:20 | address indirection | semmle.label | address indirection |
+| test.cpp:60:14:60:20 | address indirection | semmle.label | address indirection |
+subpaths
 #select
-| test.cpp:20:7:20:12 | call to strcmp | test.cpp:16:25:16:30 | call to getenv | test.cpp:20:14:20:20 | address | Untrusted input $@ might be vulnerable to a spoofing attack. | test.cpp:16:25:16:30 | call to getenv | call to getenv |
-| test.cpp:31:7:31:12 | call to strcmp | test.cpp:27:25:27:30 | call to getenv | test.cpp:31:14:31:20 | address | Untrusted input $@ might be vulnerable to a spoofing attack. | test.cpp:27:25:27:30 | call to getenv | call to getenv |
-| test.cpp:42:7:42:12 | call to strcmp | test.cpp:38:25:38:30 | call to getenv | test.cpp:42:14:42:20 | address | Untrusted input $@ might be vulnerable to a spoofing attack. | test.cpp:38:25:38:30 | call to getenv | call to getenv |
-| test.cpp:52:7:52:12 | call to strcmp | test.cpp:49:25:49:30 | call to getenv | test.cpp:52:14:52:20 | address | Untrusted input $@ might be vulnerable to a spoofing attack. | test.cpp:49:25:49:30 | call to getenv | call to getenv |
-| test.cpp:56:7:56:12 | call to strcmp | test.cpp:49:25:49:30 | call to getenv | test.cpp:56:14:56:20 | address | Untrusted input $@ might be vulnerable to a spoofing attack. | test.cpp:49:25:49:30 | call to getenv | call to getenv |
-| test.cpp:60:7:60:12 | call to strcmp | test.cpp:49:25:49:30 | call to getenv | test.cpp:60:14:60:20 | address | Untrusted input $@ might be vulnerable to a spoofing attack. | test.cpp:49:25:49:30 | call to getenv | call to getenv |
+| test.cpp:20:7:20:12 | call to strcmp | test.cpp:16:25:16:42 | call to getenv indirection | test.cpp:20:14:20:20 | address indirection | Untrusted input $@ might be vulnerable to a spoofing attack. | test.cpp:16:25:16:42 | call to getenv indirection | an environment variable |
+| test.cpp:31:7:31:12 | call to strcmp | test.cpp:27:25:27:42 | call to getenv indirection | test.cpp:31:14:31:20 | address indirection | Untrusted input $@ might be vulnerable to a spoofing attack. | test.cpp:27:25:27:42 | call to getenv indirection | an environment variable |
+| test.cpp:42:7:42:12 | call to strcmp | test.cpp:38:25:38:42 | call to getenv indirection | test.cpp:42:14:42:20 | address indirection | Untrusted input $@ might be vulnerable to a spoofing attack. | test.cpp:38:25:38:42 | call to getenv indirection | an environment variable |
+| test.cpp:52:7:52:12 | call to strcmp | test.cpp:49:25:49:42 | call to getenv indirection | test.cpp:52:14:52:20 | address indirection | Untrusted input $@ might be vulnerable to a spoofing attack. | test.cpp:49:25:49:42 | call to getenv indirection | an environment variable |
+| test.cpp:56:7:56:12 | call to strcmp | test.cpp:49:25:49:42 | call to getenv indirection | test.cpp:56:14:56:20 | address indirection | Untrusted input $@ might be vulnerable to a spoofing attack. | test.cpp:49:25:49:42 | call to getenv indirection | an environment variable |
+| test.cpp:60:7:60:12 | call to strcmp | test.cpp:49:25:49:42 | call to getenv indirection | test.cpp:60:14:60:20 | address indirection | Untrusted input $@ might be vulnerable to a spoofing attack. | test.cpp:49:25:49:42 | call to getenv indirection | an environment variable |